
Archived

This topic has been archived and is closed to new replies.

gustavo27

[Archived] I read the RULES!


If I shut down or restart, the keyboard doesn't work (only 5 characters) and neither does the touchpad. Then, within minutes, it freezes. When it freezes, it won't even shut down with the power button, so I can only turn it off by unplugging the power supply and draining the battery. After draining the battery and reconnecting the power supply, it turns on and works normally, perfectly. However, I can't shut down or restart, because it comes back without keyboard and touchpad, freezes, and won't shut down or restart again unless I drain the battery once more.

 

Here is the HijackThis log.

 

I'll wait for a reply within the forum's time frame.

 

Thanks in advance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:11:39, on 14/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Usuario\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 4466 bytes


Hey gustavo27,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a HijackThis log.

 

Cheers.


jgarcia, my computer did not restart. Below is the ComboFix log, followed by the new HijackThis log.

 

Awaiting further instructions.

 

ComboFix 08-08-14.02 - Usuario 2008-08-14 23:51:48.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.564 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\dllcache\npptools.dll

C:\WINDOWS\system32\npptools.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))))

.

 

2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Grisoft

2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-14 12:07 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-08-14 11:50 . 2008-08-14 11:59 14,113,576 --a------ C:\Arquivos de programas\ewido-setup.exe

2008-08-14 11:47 . 2008-08-14 11:47 180,719 --a------ C:\Arquivos de programas\bankerfix.exe

2008-08-14 11:46 . 2008-08-14 11:46 92,672 --a------ C:\Arquivos de programas\KillBox.exe

2008-08-14 09:19 . 2008-08-14 09:19 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-08-14 09:18 . 2008-08-14 09:18 860,120 --a------ C:\Arquivos de programas\ccsetup210_slim.exe

2008-08-13 22:47 . 2008-08-13 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools

2008-08-13 22:47 . 2008-08-13 22:44 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-08-13 22:43 . 2008-08-13 22:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-08-13 22:02 . 2008-08-13 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-08-13 22:02 . 2008-08-13 22:02 <DIR> d-------- C:\Arquivos de programas\Avira

2008-08-13 21:45 . 2008-08-13 21:59 25,049,240 --a------ C:\Arquivos de programas\antivir_workstation_winu_en_h.exe

2008-08-13 12:12 . 2008-08-13 15:02 <DIR> d-------- C:\Arquivos de programas\FastStone Image Viewer

2008-08-13 11:49 . 2008-08-13 11:50 4,261,270 --a------ C:\Arquivos de programas\FSViewerSetup35.exe

2008-08-12 15:40 . 2008-08-12 15:40 1,404,731 --a------ C:\Arquivos de programas\ForceVision_Setup.exe

2008-08-12 13:45 . 2008-08-13 12:14 <DIR> d-------- C:\Arquivos de programas\IrfanView

2008-08-12 13:38 . 2008-08-12 13:46 1,059,062,272 --ahs---- C:\eDS_PSD_drive.vmdf

2008-08-12 13:37 . 2008-08-12 13:37 188 --a------ C:\WINDOWS\system32\eDataSecurity.dat

2008-08-12 13:29 . 2008-08-12 13:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-12 13:23 . 2008-08-12 13:23 <DIR> d-------- C:\Arquivos de programas\Synaptics

2008-08-12 13:23 . 2006-08-16 11:34 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-08-12 13:23 . 2006-08-16 11:34 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-08-12 13:23 . 2006-08-16 11:34 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-08-12 13:23 . 2006-08-16 11:34 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-08-12 13:23 . 2006-08-16 11:34 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2008-08-12 13:23 . 2006-08-16 11:34 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-08-12 12:56 . 2006-08-03 10:19 69,632 --a------ C:\WINDOWS\system32\drivers\int15.sys

2008-08-12 12:56 . 2006-08-03 10:19 14,544 --a------ C:\WINDOWS\system32\drivers\TVicPort.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\TVicPort64.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\int15_64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,144 --a------ C:\WINDOWS\system32\drivers\zntport64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,080 --a------ C:\WINDOWS\system32\drivers\zntport.sys

2008-08-12 12:55 . 2005-04-07 18:08 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys

2008-08-12 12:55 . 2006-06-05 09:39 53,248 --a------ C:\WINDOWS\system32\acpimof.dll

2008-08-12 12:55 . 2006-02-16 15:39 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll

2008-08-12 12:55 . 2004-07-19 13:10 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys

2008-08-12 12:54 . 2006-06-13 14:42 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms_v820.dll

2008-08-12 12:54 . 2006-06-29 10:29 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms.dll

2008-08-12 12:54 . 2006-05-25 18:18 331,776 --a------ C:\WINDOWS\system32\ScrollBarLib.dll

2008-08-12 12:54 . 2006-02-22 11:19 69,632 --a------ C:\WINDOWS\system32\eRecUtil.dll

2008-08-12 12:54 . 2006-05-25 18:18 53,248 --a------ C:\WINDOWS\system32\Interop.Shell32.dll

2008-08-12 12:54 . 2006-04-18 19:54 49,152 --a------ C:\WINDOWS\system32\SysMonitor.exe

2008-08-12 12:53 . 2008-08-12 12:53 <DIR> d-------- C:\Acer

2008-08-12 12:53 . 2006-02-22 11:19 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-08-12 12:18 . 2008-08-12 12:18 50,943,834 --------- C:\Arquivos de programas\setup_GTS_Photo_Digital_Pro.exe

2008-08-12 12:05 . 2008-08-12 12:05 1,352,704 --------- C:\Arquivos de programas\photorec.exe

2008-08-12 11:50 . 2008-08-12 11:51 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-08-12 11:47 . 2008-08-12 11:47 1,305,600 --------- C:\Arquivos de programas\iview420_setup.exe

2008-08-12 08:41 . 2008-08-12 08:41 <DIR> d-------- C:\Arquivos de programas\Launch Manager

2008-08-12 08:41 . 2008-08-12 08:41 91 --a------ C:\WINDOWS\QtZgAcer.UNI

2008-08-11 19:29 . 2008-08-13 17:35 512 --a------ C:\WINDOWS\randseed.rnd

2008-08-11 19:26 . 2008-08-11 19:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems

2008-08-10 11:43 . 2008-08-08 03:17 6,974,864 --------- C:\Arquivos de programas\serif_ph55preloader.exe

2008-08-09 18:49 . 2008-08-08 04:14 18,348,886 --------- C:\Arquivos de programas\klmcodec410.exe

2008-08-09 18:49 . 2008-08-08 04:21 9,372,206 --------- C:\Arquivos de programas\17201_bsplayer_228.exe

2008-08-09 18:49 . 2008-08-08 04:04 7,328,456 --------- C:\Arquivos de programas\Firefox Setup 3.0.1.exe

2008-08-09 18:49 . 2008-08-08 04:20 1,495,112 --------- C:\Arquivos de programas\install_flash_player.exe

2008-08-09 18:49 . 2008-01-06 18:38 171,605 --------- C:\Arquivos de programas\hjsplit.zip

2008-08-08 11:46 . 2008-08-08 11:46 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\WhenU

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\MeMe

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\Feedback

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\Arquivos de programas\SaveNow

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\Arquivos de programas\%EXTRACT_DIR%

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-08-08 04:43 . 2008-08-08 04:43 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\FastStone

2008-08-08 04:36 . 2008-08-08 04:36 <DIR> d-------- C:\Arquivos de programas\Serif

2008-08-08 04:36 . 1997-06-02 12:32 314,880 --a------ C:\WINDOWS\IsUninst.exe

2008-08-08 04:35 . 2008-08-08 04:35 <DIR> d-------- C:\Documents and Settings\Usuario\WINDOWS

2008-08-08 04:33 . 2008-08-08 04:33 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-08 04:30 . 2008-08-12 01:11 <DIR> d-------- C:\Arquivos de programas\BSplayer

2008-08-08 04:06 . 2008-08-08 04:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-08 03:21 . 2008-08-08 03:21 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\PC Tools

2008-08-08 03:21 . 2008-08-14 23:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-08 03:21 . 2008-08-14 23:46 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-08-08 03:21 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-08 03:21 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-08 03:21 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-08 03:21 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-08 02:39 . 2008-08-14 12:50 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-08 00:38 . 2008-08-08 00:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Acer

2008-08-08 00:38 . 2008-08-12 11:47 <DIR> d-------- C:\Arquivos de programas\Acer

2008-08-08 00:32 . 2008-08-08 00:32 <DIR> d-------- C:\Arquivos de programas\CONEXANT

2008-08-08 00:32 . 2006-08-16 11:22 424,320 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS

2008-08-07 23:53 . 2008-08-07 23:53 <DIR> d-------- C:\Arquivos de programas\Atheros

2008-08-07 23:53 . 2006-01-25 10:44 488,448 --a------ C:\WINDOWS\system32\drivers\ar5211.sys

2008-08-07 23:53 . 2005-06-21 13:32 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\WINDOWS\Options

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\InstallShield

2008-08-07 23:12 . 2008-08-07 23:12 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-07 23:12 . 2008-08-07 23:12 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-07 23:11 . 2008-08-07 23:11 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-07 23:08 . 2004-02-13 13:49 356,352 --a------ C:\WINDOWS\EMCRI.dll

2008-08-07 23:05 . 2008-08-07 23:05 <DIR> d-------- C:\Arquivos de programas\ATI Technologies

2008-08-07 23:05 . 2008-08-07 23:05 1,781 --a------ C:\WINDOWS\ATICIM.INI

2008-08-07 23:02 . 2008-08-07 23:02 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-08-07 19:24 . 2004-08-03 21:36 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-08-07 19:24 . 2004-08-03 19:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2008-08-07 19:24 . 2001-08-17 18:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-08-07 19:23 . 2004-08-03 21:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-08-07 19:23 . 2004-08-03 20:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys

2008-08-07 19:23 . 2001-08-17 18:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys

2008-08-07 19:23 . 2001-08-17 18:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys

2008-08-07 19:23 . 2004-08-03 20:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys

2008-08-07 19:21 . 2008-08-14 23:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-08-07 19:21 . 2008-08-07 22:27 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Dados de aplicativos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de impressão

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

2008-08-07 19:21 . 2008-08-13 16:26 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-08-07 19:21 . 2008-08-07 22:28 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

2008-08-07 19:21 . 2008-08-14 12:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

2008-08-07 19:03 . 2008-08-07 22:36 <DIR> d-------- C:\Documents and Settings

2008-08-07 19:02 . 2008-08-07 22:34 261 --a------ C:\WINDOWS\system32\$winnt$.inf

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-14 11:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-14 11:37 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-12 16:29 6,302 ----a-w C:\Arquivos de programas\0x0816.ini

2008-08-12 16:29 551,331 ----a-w C:\Arquivos de programas\setup.isn

2008-08-12 16:29 34,816 ----a-w C:\Arquivos de programas\2070.MST

2008-08-12 16:29 31,187,456 ----a-w C:\Arquivos de programas\Acer eDataSecurity Management.msi

2008-08-12 16:29 2,191 ----a-w C:\Arquivos de programas\Setup.INI

2008-08-12 15:26 58,057 ----a-w C:\Arquivos de programas\ISO2_DVD.nri

2008-08-08 06:33 3,676,142 ----a-w C:\Arquivos de programas\ISO1_DVD.nri

2008-08-08 02:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-08 01:49 --------- d-----w C:\Arquivos de programas\Kaspersky Lab

2008-08-08 01:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-08 01:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-08-08 01:32 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-08 01:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-08 01:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acer Empowering Technology.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acer Empowering Technology.lnk

backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-08-16 11:20 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2006-07-31 21:02 346112 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2006-12-06 23:11 483328 C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

 

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-13 22:44]

S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef9f75-64ea-11dd-bce5-001636a5e69e}]

\Shell\AutoRun\command - G:\pa39xth.cmd

\Shell\explore\Command - G:\pa39xth.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec1603c4-67f3-11dd-bd02-001636a5e69e}]

\Shell\AutoRun\command - F:\g83816.com

\Shell\explore\Command - F:\g83816.com

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2nzo78cs.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.stf.jus.br

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-14 23:53:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-14 23:53:58

ComboFix-quarantined-files.txt 2008-08-15 02:53:55

 

Pre-Run: 9 pasta(s) 13,460,860,928 bytes disponíveis

Post-Run: 12 pasta(s) 13,472,026,624 bytes disponíveis

 

226

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:57:20, on 14/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\svchost.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Documents and Settings\Usuario\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 4991 bytes


Hey gustavo27,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text included in the "Quote":

File::

C:\WINDOWS\system32\drivers\pctfw2.sys

C:\WINDOWS\system32\eDataSecurity.dat

C:\WINDOWS\system32\SysMonitor.exe

C:\WINDOWS\nsreg.dat

C:\WINDOWS\EMCRI.dll

C:\WINDOWS\ATICIM.INI

C:\eDS_PSD_drive.vmdf

F:\g83816.com

G:\pa39xth.cmd

Folder::

C:\WhenU

C:\MeMe

C:\Feedback

C:\Arquivos de programas\SaveNow

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef9f75-64ea-11dd-bce5-001636a5e69e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec1603c4-67f3-11dd-bd02-001636a5e69e}]

Driver::

pctfw2

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

 

PS: Run the procedure with the USB flash drive connected to the PC.
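The two MountPoints2 keys the script above deletes are the tell-tale pattern of a removable-media worm: Windows caches a volume's autorun.inf verbs under HKCU\...\Explorer\MountPoints2\{volume-guid}, so an AutoRun or explore command that points at a bare .cmd/.com file on a USB drive letter (G:\pa39xth.cmd, F:\g83816.com in this thread) means the drive carried an autorun.inf that Explorer would run on double-click. The following Python script is an added example, not part of the thread or of ComboFix; it parses that section of a ComboFix log, flags entries whose command is an executable on a non-system drive, and drafts the matching Registry:: block in the CFScript form the helper used ('[-KEY]' removes the key). The log excerpt is constructed from the entries posted above plus one benign vendor entry to show what is not flagged; SUSPECT_EXT and the system-drive heuristic are this example's assumptions.

```python
"""Flag USB-autorun persistence in a ComboFix log and draft the matching
CFScript Registry:: block.  Added example, not part of the forum thread or of
ComboFix; the CFScript format (section header, '[-KEY]' deletes a key) is the
one shown in the helper's reply."""
import re

# Constructed sample: MountPoints2 entries as printed in the second post's
# ComboFix log, plus one benign entry on the system drive for contrast.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{74ef9f75-64ea-11dd-bce5-001636a5e69e}]
\\Shell\\AutoRun\\command - G:\\pa39xth.cmd
\\Shell\\explore\\Command - G:\\pa39xth.cmd

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ec1603c4-67f3-11dd-bd02-001636a5e69e}]
\\Shell\\AutoRun\\command - F:\\g83816.com
\\Shell\\explore\\Command - F:\\g83816.com

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{deadbeef-0000-0000-0000-000000000000}]
\\Shell\\AutoRun\\command - C:\\Program Files\\Vendor\\launcher.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
# Assumed heuristic: extensions an autorun.inf-style worm typically drops on removable media.
SUSPECT_EXT = (".cmd", ".com", ".bat", ".exe", ".scr", ".pif", ".vbs")


def parse_mountpoints(log_text):
    """Return {registry_key: {verb: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        m = VERB_RE.match(line.strip())
        if m and current is not None:
            entries[current][m.group(1).lower()] = m.group(2).strip()
    return entries


def flag_suspicious(entries, system_drive="C:"):
    """Keys whose shell verbs launch a bare executable from a non-system drive letter."""
    flagged = {}
    for key, verbs in entries.items():
        reasons = []
        for verb, cmd in verbs.items():
            drive = cmd[:2].upper()
            if drive != system_drive.upper() and cmd.lower().endswith(SUSPECT_EXT):
                reasons.append(f"{verb} -> {cmd}")
        if reasons:
            flagged[key] = reasons
    return flagged


def build_cfscript(flagged):
    """Draft the Registry:: section in the form used in this thread ('[-KEY]' deletes the key)."""
    lines = ["Registry::"]
    lines += [f"[-{key}]" for key in sorted(flagged)]
    return "\n".join(lines)


if __name__ == "__main__":
    found = flag_suspicious(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in found.items():
        print(key)
        for r in reasons:
            print("   ", r)
    print()
    print(build_cfscript(found))
```

Deleting the MountPoints2 keys only removes the cached verbs; the worm files on the USB drive and the autorun.inf that created them still have to be removed, which is why the helper's script lists F:\g83816.com and G:\pa39xth.cmd under File:: and asks for the drive to be connected while ComboFix runs.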


jgarcia,

 

 

When ComboFix finished, it restarted my computer and, on coming back, generated the log. As soon as I saved the log (without the keyboard, which wasn't working), the desktop went blank with only the wallpaper showing, so I turned it off with the power button and it came back working normally (which is astonishing!).

 

Below is the 2nd ComboFix log and the 3rd HijackThis log.

 

Awaiting new instructions.

 

Have a great rest of your Saturday and a good Sunday.

 

ComboFix 08-08-14.02 - Usuario 2008-08-16 22:02:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.466 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\eDS_PSD_drive.vmdf

C:\WINDOWS\ATICIM.INI

C:\WINDOWS\EMCRI.dll

C:\WINDOWS\nsreg.dat

C:\WINDOWS\system32\drivers\pctfw2.sys

C:\WINDOWS\system32\eDataSecurity.dat

C:\WINDOWS\system32\SysMonitor.exe

F:\g83816.com

G:\pa39xth.cmd

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\SaveNow

C:\eDS_PSD_drive.vmdf

C:\Feedback

C:\MeMe

C:\WhenU

C:\WINDOWS\ATICIM.INI

C:\WINDOWS\EMCRI.dll

C:\WINDOWS\nsreg.dat

C:\WINDOWS\system32\drivers\pctfw2.sys

C:\WINDOWS\system32\eDataSecurity.dat

C:\WINDOWS\system32\SysMonitor.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_PCTFW2

-------\Service_pctfw2

 

 

((((((((((((((((((((((( Files created from 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))

.

 

2008-08-16 22:07 . 2008-08-13 22:44 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Grisoft

2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-14 12:07 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-08-14 11:50 . 2008-08-14 11:59 14,113,576 --a------ C:\Arquivos de programas\ewido-setup.exe

2008-08-14 11:47 . 2008-08-14 11:47 180,719 --a------ C:\Arquivos de programas\bankerfix.exe

2008-08-14 11:46 . 2008-08-14 11:46 92,672 --a------ C:\Arquivos de programas\KillBox.exe

2008-08-14 09:19 . 2008-08-14 09:19 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-08-14 09:18 . 2008-08-14 09:18 860,120 --a------ C:\Arquivos de programas\ccsetup210_slim.exe

2008-08-13 22:47 . 2008-08-13 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools

2008-08-13 22:43 . 2008-08-13 22:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-08-13 22:02 . 2008-08-13 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-08-13 22:02 . 2008-08-13 22:02 <DIR> d-------- C:\Arquivos de programas\Avira

2008-08-13 21:45 . 2008-08-13 21:59 25,049,240 --a------ C:\Arquivos de programas\antivir_workstation_winu_en_h.exe

2008-08-13 12:12 . 2008-08-13 15:02 <DIR> d-------- C:\Arquivos de programas\FastStone Image Viewer

2008-08-13 11:49 . 2008-08-13 11:50 4,261,270 --a------ C:\Arquivos de programas\FSViewerSetup35.exe

2008-08-12 15:40 . 2008-08-12 15:40 1,404,731 --a------ C:\Arquivos de programas\ForceVision_Setup.exe

2008-08-12 13:45 . 2008-08-13 12:14 <DIR> d-------- C:\Arquivos de programas\IrfanView

2008-08-12 13:29 . 2008-08-12 13:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-12 13:23 . 2008-08-12 13:23 <DIR> d-------- C:\Arquivos de programas\Synaptics

2008-08-12 13:23 . 2006-08-16 11:34 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-08-12 13:23 . 2006-08-16 11:34 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-08-12 13:23 . 2006-08-16 11:34 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-08-12 13:23 . 2006-08-16 11:34 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-08-12 13:23 . 2006-08-16 11:34 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2008-08-12 13:23 . 2006-08-16 11:34 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-08-12 12:56 . 2006-08-03 10:19 69,632 --a------ C:\WINDOWS\system32\drivers\int15.sys

2008-08-12 12:56 . 2006-08-03 10:19 14,544 --a------ C:\WINDOWS\system32\drivers\TVicPort.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\TVicPort64.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\int15_64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,144 --a------ C:\WINDOWS\system32\drivers\zntport64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,080 --a------ C:\WINDOWS\system32\drivers\zntport.sys

2008-08-12 12:55 . 2005-04-07 18:08 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys

2008-08-12 12:55 . 2006-06-05 09:39 53,248 --a------ C:\WINDOWS\system32\acpimof.dll

2008-08-12 12:55 . 2006-02-16 15:39 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll

2008-08-12 12:55 . 2004-07-19 13:10 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys

2008-08-12 12:54 . 2006-06-13 14:42 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms_v820.dll

2008-08-12 12:54 . 2006-06-29 10:29 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms.dll

2008-08-12 12:54 . 2006-05-25 18:18 331,776 --a------ C:\WINDOWS\system32\ScrollBarLib.dll

2008-08-12 12:54 . 2006-02-22 11:19 69,632 --a------ C:\WINDOWS\system32\eRecUtil.dll

2008-08-12 12:54 . 2006-05-25 18:18 53,248 --a------ C:\WINDOWS\system32\Interop.Shell32.dll

2008-08-12 12:53 . 2008-08-12 12:53 <DIR> d-------- C:\Acer

2008-08-12 12:53 . 2006-02-22 11:19 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-08-12 12:18 . 2008-08-12 12:18 50,943,834 --------- C:\Arquivos de programas\setup_GTS_Photo_Digital_Pro.exe

2008-08-12 12:05 . 2008-08-12 12:05 1,352,704 --------- C:\Arquivos de programas\photorec.exe

2008-08-12 11:50 . 2008-08-12 11:51 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-08-12 11:47 . 2008-08-12 11:47 1,305,600 --------- C:\Arquivos de programas\iview420_setup.exe

2008-08-12 08:41 . 2008-08-12 08:41 <DIR> d-------- C:\Arquivos de programas\Launch Manager

2008-08-12 08:41 . 2008-08-12 08:41 91 --a------ C:\WINDOWS\QtZgAcer.UNI

2008-08-11 19:29 . 2008-08-13 17:35 512 --a------ C:\WINDOWS\randseed.rnd

2008-08-11 19:26 . 2008-08-11 19:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems

2008-08-10 11:43 . 2008-08-08 03:17 6,974,864 --------- C:\Arquivos de programas\serif_ph55preloader.exe

2008-08-09 18:49 . 2008-08-08 04:14 18,348,886 --------- C:\Arquivos de programas\klmcodec410.exe

2008-08-09 18:49 . 2008-08-08 04:21 9,372,206 --------- C:\Arquivos de programas\17201_bsplayer_228.exe

2008-08-09 18:49 . 2008-08-08 04:04 7,328,456 --------- C:\Arquivos de programas\Firefox Setup 3.0.1.exe

2008-08-09 18:49 . 2008-08-08 04:20 1,495,112 --------- C:\Arquivos de programas\install_flash_player.exe

2008-08-09 18:49 . 2008-01-06 18:38 171,605 --------- C:\Arquivos de programas\hjsplit.zip

2008-08-08 11:46 . 2008-08-08 11:46 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\Arquivos de programas\%EXTRACT_DIR%

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-08-08 04:43 . 2008-08-08 04:43 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\FastStone

2008-08-08 04:36 . 2008-08-08 04:36 <DIR> d-------- C:\Arquivos de programas\Serif

2008-08-08 04:36 . 1997-06-02 12:32 314,880 --a------ C:\WINDOWS\IsUninst.exe

2008-08-08 04:35 . 2008-08-08 04:35 <DIR> d-------- C:\Documents and Settings\Usuario\WINDOWS

2008-08-08 04:33 . 2008-08-08 04:33 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-08 04:30 . 2008-08-12 01:11 <DIR> d-------- C:\Arquivos de programas\BSplayer

2008-08-08 03:21 . 2008-08-08 03:21 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\PC Tools

2008-08-08 03:21 . 2008-08-16 22:06 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-08 03:21 . 2008-08-16 19:59 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-08-08 03:21 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-08 03:21 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-08 03:21 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-08 03:21 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-08 02:39 . 2008-08-15 13:31 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-08 00:38 . 2008-08-08 00:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Acer

2008-08-08 00:38 . 2008-08-12 11:47 <DIR> d-------- C:\Arquivos de programas\Acer

2008-08-08 00:32 . 2008-08-08 00:32 <DIR> d-------- C:\Arquivos de programas\CONEXANT

2008-08-08 00:32 . 2006-08-16 11:22 424,320 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS

2008-08-07 23:53 . 2008-08-07 23:53 <DIR> d-------- C:\Arquivos de programas\Atheros

2008-08-07 23:53 . 2006-01-25 10:44 488,448 --a------ C:\WINDOWS\system32\drivers\ar5211.sys

2008-08-07 23:53 . 2005-06-21 13:32 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\WINDOWS\Options

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\InstallShield

2008-08-07 23:12 . 2008-08-07 23:12 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-07 23:12 . 2008-08-07 23:12 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-07 23:11 . 2008-08-07 23:11 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-07 23:05 . 2008-08-07 23:05 <DIR> d-------- C:\Arquivos de programas\ATI Technologies

2008-08-07 23:02 . 2008-08-07 23:02 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-08-07 19:24 . 2004-08-03 21:36 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-08-07 19:24 . 2004-08-03 19:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2008-08-07 19:24 . 2001-08-17 18:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-08-07 19:23 . 2004-08-03 21:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-08-07 19:23 . 2004-08-03 20:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys

2008-08-07 19:23 . 2001-08-17 18:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys

2008-08-07 19:23 . 2001-08-17 18:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys

2008-08-07 19:23 . 2004-08-03 20:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys

2008-08-07 19:21 . 2008-08-16 19:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-08-07 19:21 . 2008-08-07 22:27 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Dados de aplicativos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de impressão

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

2008-08-07 19:21 . 2008-08-13 16:26 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-08-07 19:21 . 2008-08-07 22:28 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

2008-08-07 19:21 . 2008-08-14 12:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

2008-08-07 19:03 . 2008-08-07 22:36 <DIR> d-------- C:\Documents and Settings

2008-08-07 19:02 . 2008-08-07 22:34 261 --a------ C:\WINDOWS\system32\$winnt$.inf

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-14 11:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-14 11:37 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-12 16:29 6,302 ----a-w C:\Arquivos de programas\0x0816.ini

2008-08-12 16:29 551,331 ----a-w C:\Arquivos de programas\setup.isn

2008-08-12 16:29 34,816 ----a-w C:\Arquivos de programas\2070.MST

2008-08-12 16:29 31,187,456 ----a-w C:\Arquivos de programas\Acer eDataSecurity Management.msi

2008-08-12 16:29 2,191 ----a-w C:\Arquivos de programas\Setup.INI

2008-08-12 15:26 58,057 ----a-w C:\Arquivos de programas\ISO2_DVD.nri

2008-08-08 06:33 3,676,142 ----a-w C:\Arquivos de programas\ISO1_DVD.nri

2008-08-08 02:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-08 01:49 --------- d-----w C:\Arquivos de programas\Kaspersky Lab

2008-08-08 01:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-08 01:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-08-08 01:32 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-08 01:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-08 01:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acer Empowering Technology.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acer Empowering Technology.lnk

backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-08-16 11:20 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2006-07-31 21:02 346112 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2006-12-06 23:11 483328 C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

 

S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-16 22:07:03

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

C:\WINDOWS\system32\drivers\pctfw2.sys 160792 bytes executable

 

Scan completed successfully

Hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2008-08-16 22:09:18 - Machine was rebooted

ComboFix-quarantined-files.txt 2008-08-17 01:09:12

ComboFix2.txt 2008-08-15 02:53:59

 

Pre-Run: 9 folder(s) 13,143,797,760 bytes free

Post-Run: 9 folder(s) 13,340,209,152 bytes free

 

245

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:18:55, on 16/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Usuario\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 4929 bytes

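Added example, not from the thread and not ComboFix's own code: a Python parser for the "Files created" listing in a ComboFix log, used to answer the question a responder would put to the log above. The run header says ComboFix started at 2008-08-16 22:02:02 and the script deleted pctfw2.sys, yet the listing shows a pctfw2.sys in system32\drivers created at 2008-08-16 22:07, five minutes into the run. A driver that reappears while the cleaner is running was put back by something still alive, not left over. The log lines below are copied from the output above (a handful of entries only); the interpretation of the two timestamps (first is creation, second is last write, as ComboFix lists them) and the path and time-window filters are my own.

```python
import re
from datetime import datetime, timedelta

# Copied from the ComboFix output in the thread (raw string, literal backslashes).
SAMPLE_LOG = r"""
ComboFix 08-08-14.02 - Usuario 2008-08-16 22:02:02.1 - NTFSx86
2008-08-16 22:07 . 2008-08-13 22:44 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Grisoft
2008-08-14 12:07 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-12 13:23 . 2006-08-16 11:34 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-08-08 03:21 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
"""

# "ComboFix <version> - <user> <YYYY-MM-DD HH:MM:SS>.<n> - <fs>"
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
# "<created> . <modified> <size|<DIR>> <9 attribute chars> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[\w-]{9}) (?P<path>.+)$"
)


def parse_run_start(text):
    """Timestamp from the ComboFix header line."""
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    raise ValueError("no ComboFix header line found")


def parse_created_entries(text):
    """One dict per listing line; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def is_driver(entry):
    """Kernel driver image under system32\\drivers (path filter is my choice)."""
    p = entry["path"].lower()
    return p.endswith(".sys") and "\\system32\\drivers\\" in p


def recreated_drivers(text, grace=timedelta(0)):
    """Drivers whose creation time is at or after the run start: deleted by
    the script and written back while ComboFix was still running."""
    start = parse_run_start(text)
    return [e for e in parse_created_entries(text)
            if is_driver(e) and e["created"] >= start - grace]


def drivers_created_within(text, days=7):
    """Wider net: any driver created in the last N days before the run."""
    start = parse_run_start(text)
    return [e for e in parse_created_entries(text)
            if is_driver(e) and e["created"] >= start - timedelta(days=days)]


if __name__ == "__main__":
    for e in recreated_drivers(SAMPLE_LOG):
        print("re-created during run:", e["path"], e["size"], "bytes")
    for e in drivers_created_within(SAMPLE_LOG):
        print("recent driver:", e["created"], e["path"])
```

The pctfw2.sys entry also has a last-write time (2008-08-13 22:44) earlier than its creation time, the signature of a file copied into place with its original timestamp preserved rather than written fresh; the AVG, Synaptics and PC Tools drivers in the same window line up with the installs the user describes and are there only to show the filter discriminates.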

Hey gustavo27,

 

Download F-Secure Blacklight from:

F-Secure Blacklight

 

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

 

If it finds any file, ignore it; I only want the log.

 

When the scan finishes it will generate the file fsbl-xxxxx.log (where xxx are numbers). I need you to copy the log and post it in your next reply.

 

Regards.


jgarcia,

 

This one was stranger. The short text below was all there was in the file "fsbl-20080818022727" generated on the desktop after the scan.

 

I hope I'm doing the right thing. I'm with you!

 

Awaiting further instructions.

 

 

 

 

08/17/08 23:27:27 [info]: BlackLight Engine 1.0.70 initialized

08/17/08 23:27:27 [info]: OS: 5.1 build 2600 (Service Pack 2)

08/17/08 23:27:27 [Note]: 7019 4

08/17/08 23:27:27 [Note]: 7005 0

08/17/08 23:27:31 [Note]: 7006 0

08/17/08 23:27:31 [Note]: 7011 1812

08/17/08 23:27:31 [Note]: 7035 0

08/17/08 23:27:33 [Note]: FSRAW library version 1.7.1024


Hey gustavo27,

 

Submit the file below to the Jotti site:

 

C:\WINDOWS\system32\drivers\pctfw2.sys

 

... and come back with the result.

 

Regards.


jgarcia, I found 4 files with that name: 3 "pctfw2" and 1 "pctfw2.sys.vir".

 

I submitted the file pctfw2.sys.vir, and the result was:

 


File: pctfw2.sys.vir

Status:

OK

MD5: 4bfff7b7e1ea80ec3ad8ae0a773701f7

Packers detected:

-

Scan taken on 19 Aug 2008 02:36:48 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

There is a "Statistics" section a little below the scan result pasted above, and I don't know whether it refers to the file I submitted, so I'm pasting it anyway:

 

Scanner Malware name

A-Squared X

AntiVir TR/Crypt.CFI.Gen

ArcaVir X

Avast X

AVG Antivirus BackDoor.PoisonIvy.AP

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Ikarus Trojan-Downloader.Agent.YZD

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

Then I submitted one of the 3 "pctfw2", and the result was:

 


File: pctfw2.sys

Status:

OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 4bfff7b7e1ea80ec3ad8ae0a773701f7

Packers detected:

-

 

Scan taken on 19 Aug 2008 02:44:30 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

Scanner Malware name

A-Squared X

AntiVir TR/Crypt.XPACK.Gen

ArcaVir Trojan.Dropper.Vb.Cxl

Avast Win32:Trojan-gen {Other}

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Ikarus Trojan.Agent.VB.AWH

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

Then I submitted the 2nd of the "pctfw2", and the result was:

 


File: pctfw2.sys

Status:

OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 4bfff7b7e1ea80ec3ad8ae0a773701f7

Packers detected:

-

 

Scan taken on 19 Aug 2008 02:48:34 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

Scanner Malware name

A-Squared X

AntiVir BDS/Bifrose.ZXE

ArcaVir X

Avast Win32:Trojan-gen {Other}

AVG Antivirus X

BitDefender Backdoor.Bifrose.AABT

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Ikarus Virus.Win32.Crypt.CIK

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control W32/Bifrose.ABGB

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 Backdoor.Win32.Bifrose.xvi

 

Finally, I submitted the last "pctfw2", with the following result:

 


File: pctfw2.sys

Status:

OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 4bfff7b7e1ea80ec3ad8ae0a773701f7

Packers detected:

-

 

Scan taken on 19 Aug 2008 02:51:25 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

Scanner Malware name

A-Squared X

AntiVir TR/Crypt.XPACK.Gen

ArcaVir Trojan.Dropper.Vb.Cxl

Avast Win32:Trojan-gen {Other}

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure Troj.Dropper.W32.VB.bub

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Ikarus X

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

 

If I've done something wrong, please don't give up: I can do it right!

 

Awaiting further instructions.

 

Good night.

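
All four submissions above came back with the same MD5, 4bfff7b7e1ea80ec3ad8ae0a773701f7, and Jotti itself notes from the second upload on that the file had been scanned before: the three "pctfw2" files and the ".vir" copy are the same bytes. As an added example, not from the thread, the Python below does that check locally before anything is uploaded: it finds every file whose name starts with a given stem, hashes each with MD5 and SHA-256, groups byte-identical copies, and returns one representative per distinct content. The directory layout it builds is constructed for the demonstration (the quarantine path in particular is my assumption, not taken from the log), and the file contents are made up.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def file_digests(path, chunk_size=1 << 16):
    """MD5 and SHA-256 of a file, streamed so a large driver need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def group_identical(paths):
    """Map (md5, sha256) -> list of paths holding exactly those bytes."""
    groups = defaultdict(list)
    for path in paths:
        groups[file_digests(path)].append(path)
    return dict(groups)


def unique_submissions(paths):
    """One representative per distinct content: what actually needs uploading."""
    return sorted(members[0] for members in group_identical(paths).values())


def find_by_stem(root, stem):
    """Every file under root whose name starts with stem, e.g. 'pctfw2'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().startswith(stem.lower()):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed stand-ins for the copies in the thread: three byte-identical
    copies under different names and paths, plus one file with other content.
    The quarantine location is assumed, not read from the log."""
    same = b"MZ\x90\x00" + b"constructed driver image " * 40
    other = b"MZ\x90\x00" + b"a different build entirely " * 40
    layout = {
        os.path.join("WINDOWS", "system32", "drivers", "pctfw2.sys"): same,
        os.path.join("Qoobox", "Quarantine", "pctfw2.sys.vir"): same,
        os.path.join("backup", "pctfw2.sys"): same,
        os.path.join("other", "pctfw2.sys"): other,
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Build the constructed tree in a temp dir; return
    (copies found, sorted group sizes, number of distinct uploads needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_by_stem(tmp, "pctfw2")
        groups = group_identical(found)
        return len(found), sorted(len(v) for v in groups.values()), len(unique_submissions(found))


if __name__ == "__main__":
    found, sizes, uploads = demo()
    print(f"{found} copies found, group sizes {sizes}, {uploads} distinct upload(s) needed")
```

Hashing with both MD5 and SHA-256 costs nothing extra on a stream and avoids relying on MD5 alone for identity; when the scanner site reports an MD5, compare it to the local digest of the exact path the helper asked for, since, as the thread shows, several files can share a name while only one of them is the loaded driver.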
Hey gustavo27,

 

Submit the file below to the Jotti site:

 

C:\WINDOWS\system32\drivers\pctfw2.sys

 

... and come back with the result.

 

Regards.

 

 

Sorry, jgarcia, it took me TWO DAYS to realize that you wanted a specific file from the "drivers" folder. Well, the result of the submission to Jotti was the following:

 


File: pctfw2.sys

Status:

OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 4bfff7b7e1ea80ec3ad8ae0a773701f7

Packers detected:

-

 

Scan taken on 20 Aug 2008 18:36:17 (GMT)

AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

 

There we go! :)

 

Waiting!


Hey gustavo27,

 

1. Download the Kaspersky Virus Removal Tool.

 

2. The file is approximately 32 MB, but the result will be worth the effort.

 

3. Restart the machine in Safe Mode.

 

4. Run the tool by double-clicking the downloaded file.

 

5. The following window will open:

(image: Kaspersky-Virus-Removal-Tool_1.png)

 

6. Check the directories you want to scan (it's best to check all of them).

 

7. Click Scan and wait for the process to finish.

 

8. When the scan is finished, come back with the result.

 

Regards.


Dear jgarcia,

 

The scan took almost 12 hours. Then I clicked "action" and a log was produced. I believe this is the file you need. Here it is, then:

 

(Note: I uninstalled Kaspersky and the file "LOG\avptool_syscheck.zip" was deleted. If that was the file you needed, I'll do the whole process again, ok?)

 

<AVZ_CollectSysInfo>

--------------------

Start time: 22/8/2008 09:06:50

Duration: 00:03:50

Finish time: 22/8/2008 09:10:40

 

 

<AVZ_CollectSysInfo>

--------------------

Time Event

---- -----

22/8/2008 09:06:55 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"

22/8/2008 09:06:55 System Restore: enabled

22/8/2008 09:06:55 System booted in Safe Mode

22/8/2008 09:06:56 1.1 Searching for user-mode API hooks

22/8/2008 09:06:57 Analysis: kernel32.dll, export table found in section .text

22/8/2008 09:06:57 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42

22/8/2008 09:06:57 Hook kernel32.dll:CreateProcessA (99) blocked

22/8/2008 09:06:57 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040

22/8/2008 09:06:57 Hook kernel32.dll:CreateProcessW (103) blocked

22/8/2008 09:06:57 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC

22/8/2008 09:06:57 Hook kernel32.dll:FreeLibrary (241) blocked

22/8/2008 09:06:57 Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB

22/8/2008 09:06:57 Hook kernel32.dll:GetModuleFileNameA (372) blocked

22/8/2008 09:06:57 Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0

22/8/2008 09:06:57 Hook kernel32.dll:GetModuleFileNameW (373) blocked

22/8/2008 09:06:57 Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648

22/8/2008 09:06:57 Hook kernel32.dll:GetProcAddress (408) blocked

22/8/2008 09:06:57 Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F

22/8/2008 09:06:57 Hook kernel32.dll:LoadLibraryA (578) blocked

22/8/2008 09:06:57 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)

22/8/2008 09:06:57 Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF

22/8/2008 09:06:57 Hook kernel32.dll:LoadLibraryExA (579) blocked

22/8/2008 09:06:57 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)

22/8/2008 09:06:57 Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A

22/8/2008 09:06:57 Hook kernel32.dll:LoadLibraryExW (580) blocked

22/8/2008 09:06:57 Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C

22/8/2008 09:06:57 Hook kernel32.dll:LoadLibraryW (581) blocked

22/8/2008 09:06:57 IAT modification detected: GetModuleFileNameW - 00B30010<>7C80B25D

22/8/2008 09:06:58 Analysis: ntdll.dll, export table found in section .text

22/8/2008 09:06:58 Analysis: user32.dll, export table found in section .text

22/8/2008 09:06:59 Analysis: advapi32.dll, export table found in section .text

22/8/2008 09:06:59 Analysis: ws2_32.dll, export table found in section .text

22/8/2008 09:07:00 Analysis: wininet.dll, export table found in section .text

22/8/2008 09:07:01 Analysis: rasapi32.dll, export table found in section .text

22/8/2008 09:07:01 Analysis: urlmon.dll, export table found in section .text

22/8/2008 09:07:02 Analysis: netapi32.dll, export table found in section .text

22/8/2008 09:07:02 1.2 Searching for kernel-mode API hooks

22/8/2008 09:07:05 Driver loaded successfully

22/8/2008 09:07:05 Driver communication failure [00000002] - [1]

22/8/2008 09:07:05 1.4 Searching for masking processes and drivers

22/8/2008 09:07:05 Checking not performed: extended monitoring driver (AVZPM) is not installed

22/8/2008 09:07:05 Driver loaded successfully

22/8/2008 09:07:05 Driver communication failure [00000002] - [1]

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

22/8/2008 09:07:42 >> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

22/8/2008 09:07:42 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

22/8/2008 09:07:42 >> Security: disk drives' autorun is enabled

22/8/2008 09:07:42 >> Security: administrative shares (C$, D$ ...) are enabled

22/8/2008 09:07:42 >> Security: anonymous user access is enabled

22/8/2008 09:07:42 >> Security: sending Remote Assistant queries is enabled

22/8/2008 09:07:45 >> Service termination timeout is out of admissible values

22/8/2008 09:07:45 >> Disable CD/DVD autorun

22/8/2008 09:07:45 System Analysis in progress

22/8/2008 09:10:40 System Analysis - complete

22/8/2008 09:10:40 Delete file:C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-HDEH9\LOG\avptool_syscheck.htm

22/8/2008 09:10:40 Delete file:C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-HDEH9\LOG\avptool_syscheck.xml

22/8/2008 09:10:40 Deleting service/driver: utm3mtq4

22/8/2008 09:10:40 Delete file:C:\WINDOWS\system32\Drivers\utm3mtq4.sys

22/8/2008 09:10:40 Deleting service/driver: ujm3mtq4

22/8/2008 09:10:40 Script executed without errors


Now!

 

ComboFix 08-08-14.02 - Usuario 2008-08-22 22:11:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.545 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))

.

 

 

2008-08-22 11:34 . 2008-08-22 13:11 <DIR> d-------- C:\Downloads para scanear

2008-08-21 22:35 . 2008-08-21 22:35 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar

2008-08-21 13:16 . 2008-06-06 11:15 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys

2008-08-21 13:16 . 2008-06-06 11:15 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys

2008-08-21 13:16 . 2008-06-06 11:15 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys

2008-08-21 13:16 . 2008-06-06 11:15 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys

2008-08-20 17:10 . 2008-08-20 17:20 <DIR> d-------- C:\Arquivos de programas\Synaptics

2008-08-20 17:08 . 2008-08-20 17:08 5,462,844 --a------ C:\Arquivos de programas\AS5050_SynTouchpad.zip

2008-08-19 11:16 . 2008-08-20 14:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-08-18 13:19 . 2008-08-18 13:19 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\PC Tools

2008-08-18 13:19 . 2008-08-22 22:07 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-08-18 13:19 . 2008-08-18 13:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-08-18 13:19 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-08-18 13:19 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-18 13:19 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-18 13:19 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-18 13:19 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-08-17 23:19 . 2008-08-17 23:19 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\F-Secure

2008-08-17 23:14 . 2008-08-17 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\F-Secure

2008-08-17 23:13 . 2008-08-17 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\fssg

2008-08-16 22:09 . 2008-08-16 22:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-08-16 22:09 . 2008-08-16 22:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-08-16 22:09 . 2008-08-16 22:09 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-08-14 12:07 . 2008-08-14 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-14 11:50 . 2008-08-14 11:59 14,113,576 --a------ C:\Arquivos de programas\ewido-setup.exe

2008-08-14 11:47 . 2008-08-14 11:47 180,719 --a------ C:\Arquivos de programas\bankerfix.exe

2008-08-14 11:46 . 2008-08-14 11:46 92,672 --a------ C:\Arquivos de programas\KillBox.exe

2008-08-14 09:19 . 2008-08-14 09:19 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-08-14 09:18 . 2008-08-14 09:18 860,120 --a------ C:\Arquivos de programas\ccsetup210_slim.exe

2008-08-13 22:47 . 2008-08-21 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools

2008-08-13 21:45 . 2008-08-13 21:59 25,049,240 --a------ C:\Arquivos de programas\antivir_workstation_winu_en_h.exe

2008-08-13 12:12 . 2008-08-13 15:02 <DIR> d-------- C:\Arquivos de programas\FastStone Image Viewer

2008-08-13 11:49 . 2008-08-13 11:50 4,261,270 --a------ C:\Arquivos de programas\FSViewerSetup35.exe

2008-08-12 15:40 . 2008-08-12 15:40 1,404,731 --a------ C:\Arquivos de programas\ForceVision_Setup.exe

2008-08-12 13:45 . 2008-08-13 12:14 <DIR> d-------- C:\Arquivos de programas\IrfanView

2008-08-12 13:29 . 2008-08-12 13:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-12 12:56 . 2006-08-03 10:19 69,632 --a------ C:\WINDOWS\system32\drivers\int15.sys

2008-08-12 12:56 . 2006-08-03 10:19 14,544 --a------ C:\WINDOWS\system32\drivers\TVicPort.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\TVicPort64.sys

2008-08-12 12:56 . 2006-08-03 10:19 8,704 --a------ C:\WINDOWS\system32\drivers\int15_64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,144 --a------ C:\WINDOWS\system32\drivers\zntport64.sys

2008-08-12 12:56 . 2006-08-03 10:19 6,080 --a------ C:\WINDOWS\system32\drivers\zntport.sys

2008-08-12 12:55 . 2005-04-07 18:08 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys

2008-08-12 12:55 . 2006-06-05 09:39 53,248 --a------ C:\WINDOWS\system32\acpimof.dll

2008-08-12 12:55 . 2006-02-16 15:39 45,056 --a------ C:\WINDOWS\system32\Epm-Po.dll

2008-08-12 12:55 . 2004-07-19 13:10 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys

2008-08-12 12:54 . 2006-06-13 14:42 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms_v820.dll

2008-08-12 12:54 . 2006-06-29 10:29 602,112 --a------ C:\WINDOWS\system32\Acer.Empowering.Windows.Forms.dll

2008-08-12 12:54 . 2006-05-25 18:18 331,776 --a------ C:\WINDOWS\system32\ScrollBarLib.dll

2008-08-12 12:54 . 2006-02-22 11:19 69,632 --a------ C:\WINDOWS\system32\eRecUtil.dll

2008-08-12 12:54 . 2006-05-25 18:18 53,248 --a------ C:\WINDOWS\system32\Interop.Shell32.dll

2008-08-12 12:53 . 2008-08-12 12:53 <DIR> d-------- C:\Acer

2008-08-12 12:53 . 2006-02-22 11:19 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-08-12 12:18 . 2008-08-12 12:18 50,943,834 --------- C:\Arquivos de programas\setup_GTS_Photo_Digital_Pro.exe

2008-08-12 12:05 . 2008-08-12 12:05 1,352,704 --------- C:\Arquivos de programas\photorec.exe

2008-08-12 11:50 . 2008-08-12 11:51 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-08-12 11:47 . 2008-08-12 11:47 1,305,600 --------- C:\Arquivos de programas\iview420_setup.exe

2008-08-12 08:41 . 2008-08-12 08:41 <DIR> d-------- C:\Arquivos de programas\Launch Manager

2008-08-12 08:41 . 2008-08-12 08:41 91 --a------ C:\WINDOWS\QtZgAcer.UNI

2008-08-11 19:29 . 2008-08-13 17:35 512 --a------ C:\WINDOWS\randseed.rnd

2008-08-11 19:26 . 2008-08-11 19:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems

2008-08-10 11:43 . 2008-08-08 03:17 6,974,864 --------- C:\Arquivos de programas\serif_ph55preloader.exe

2008-08-09 18:49 . 2008-08-08 04:14 18,348,886 --------- C:\Arquivos de programas\klmcodec410.exe

2008-08-09 18:49 . 2008-08-08 04:21 9,372,206 --------- C:\Arquivos de programas\17201_bsplayer_228.exe

2008-08-09 18:49 . 2008-08-08 04:04 7,328,456 --------- C:\Arquivos de programas\Firefox Setup 3.0.1.exe

2008-08-09 18:49 . 2008-08-08 04:20 1,495,112 --------- C:\Arquivos de programas\install_flash_player.exe

2008-08-09 18:49 . 2008-01-06 18:38 171,605 --------- C:\Arquivos de programas\hjsplit.zip

2008-08-08 11:46 . 2008-08-08 11:46 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

2008-08-08 10:00 . 2008-08-08 10:00 <DIR> d-------- C:\Arquivos de programas\%EXTRACT_DIR%

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-08-08 09:34 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-08-08 04:43 . 2008-08-08 04:43 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\FastStone

2008-08-08 04:36 . 2008-08-08 04:36 <DIR> d-------- C:\Arquivos de programas\Serif

2008-08-08 04:36 . 1997-06-02 12:32 314,880 --a------ C:\WINDOWS\IsUninst.exe

2008-08-08 04:35 . 2008-08-08 04:35 <DIR> d-------- C:\Documents and Settings\Usuario\WINDOWS

2008-08-08 04:33 . 2008-08-08 04:33 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-08 04:30 . 2008-08-22 18:31 <DIR> d-------- C:\Arquivos de programas\BSplayer

2008-08-08 03:21 . 2008-08-22 22:07 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-08 02:39 . 2008-08-22 17:07 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-08 00:38 . 2008-08-08 00:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Acer

2008-08-08 00:38 . 2008-08-20 17:05 <DIR> d-------- C:\Arquivos de programas\Acer

2008-08-08 00:32 . 2008-08-08 00:32 <DIR> d-------- C:\Arquivos de programas\CONEXANT

2008-08-08 00:32 . 2006-08-16 11:22 424,320 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS

2008-08-07 23:53 . 2008-08-07 23:53 <DIR> d-------- C:\Arquivos de programas\Atheros

2008-08-07 23:53 . 2006-01-25 10:44 488,448 --a------ C:\WINDOWS\system32\drivers\ar5211.sys

2008-08-07 23:53 . 2005-06-21 13:32 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\WINDOWS\Options

2008-08-07 23:52 . 2008-08-07 23:52 <DIR> d-------- C:\Documents and Settings\Usuario\Dados de aplicativos\InstallShield

2008-08-07 23:12 . 2008-08-07 23:12 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-07 23:12 . 2008-08-07 23:12 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-07 23:11 . 2008-08-07 23:11 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-08-07 23:05 . 2008-08-07 23:05 <DIR> d-------- C:\Arquivos de programas\ATI Technologies

2008-08-07 23:02 . 2008-08-07 23:02 <DIR> d-------- C:\Arquivos de programas\Realtek

2008-08-07 19:24 . 2004-08-03 21:36 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-08-07 19:24 . 2004-08-03 19:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2008-08-07 19:24 . 2001-08-17 18:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-08-07 19:23 . 2004-08-03 21:45 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-08-07 19:23 . 2004-08-03 20:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys

2008-08-07 19:23 . 2001-08-17 18:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys

2008-08-07 19:23 . 2001-08-17 18:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys

2008-08-07 19:23 . 2004-08-03 20:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys

2008-08-07 19:21 . 2008-08-22 16:44 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-08-07 19:21 . 2008-08-07 22:27 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Dados de aplicativos

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de impressão

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

2008-08-07 19:21 . 2008-08-13 16:26 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

2008-08-07 19:21 . 2008-08-07 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-08-07 19:21 . 2008-08-07 22:28 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

2008-08-07 19:21 . 2008-08-20 14:26 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

2008-08-07 19:03 . 2008-08-19 00:13 <DIR> d-------- C:\Documents and Settings

2008-08-07 19:02 . 2008-08-07 22:34 261 --a------ C:\WINDOWS\system32\$winnt$.inf

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-19 14:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-14 11:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-14 11:37 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-12 16:29 6,302 ----a-w C:\Arquivos de programas\0x0816.ini

2008-08-12 16:29 551,331 ----a-w C:\Arquivos de programas\setup.isn

2008-08-12 16:29 34,816 ----a-w C:\Arquivos de programas\2070.MST

2008-08-12 16:29 31,187,456 ----a-w C:\Arquivos de programas\Acer eDataSecurity Management.msi

2008-08-12 15:26 58,057 ----a-w C:\Arquivos de programas\ISO2_DVD.nri

2008-08-08 06:33 3,676,142 ----a-w C:\Arquivos de programas\ISO1_DVD.nri

2008-08-08 02:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-08 01:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-08 01:46 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-08 01:40 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-08-08 01:32 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-08 01:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-08 01:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 11:34 766041]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acer Empowering Technology.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acer Empowering Technology.lnk

backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-08-16 11:20 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2006-07-31 21:02 346112 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2006-12-06 23:11 483328 C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=

"C:\\Arquivos de programas\\Spyware Doctor\\pctsGui.exe"=

 

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-06-06 11:15]

R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-06-06 11:15]

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]

R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-06-06 11:15]

S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []

S3 ThreatFire;ThreatFire;C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service []

S3 utm3mtq4;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\utm3mtq4.sys []

 

*Newly Created Service* - CATCHME

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\2nzo78cs.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.stf.jus.br

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 22:12:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-22 22:12:58

ComboFix-quarantined-files.txt 2008-08-23 01:12:56

ComboFix2.txt 2008-08-17 01:09:21

ComboFix3.txt 2008-08-15 02:53:59

 

Pre-Run: 7 pasta(s) 12,106,936,320 bytes disponíveis

Post-Run: 10 pasta(s) 12,229,517,312 bytes disponíveis

 

213

 

Awaiting your reply! Have a good weekend!


Hey gustavo27,

 

Submit the file below to the Jotti site:

 

C:\WINDOWS\system32\Drivers\utm3mtq4.sys

 

... and come back with the result.

 

Regards.


jgarcia,

 

That file does not exist on my computer, neither by looking through the folder you indicated nor by searching for the file name. It may be that Spyware Doctor made it disappear (that is my only guess, as a layman, since I did not delete anything myself nor perform any task other than the ones you indicated).

 

Awaiting your reply!


Hey gustavo27,

 

Follow the instructions:

 

1. Download MSNFix and save it to your desktop.

  • a. Extract the files. A folder named MSNFix will be created.
    b. Enter the folder and double-click MSNFix.bat. The MSN_Fix-menu window will open.
    c. First press P to choose the language Português (Brasil) and press Enter.
    d. Then press R and press Enter to start the scan. If an infection is found, the message Infecção Presente will appear. Then press any key except Q, which exits the program.
    e. The removal process will begin. Wait, as it may take a few minutes.
    f. At the end, Notepad will open with a report. Select and copy the report's contents and paste it into your next reply.
     
    PS: This report will be saved in the MSNFix folder under the name msnfix.txt.

2. Also post a new HijackThis log.

 

Regards.


jgarcia,

 

here is the MSNFix log and, following it, the HijackThis log.

 

Awaiting your reply!

 

MSNFix 1.742

 

C:\MSNFix

Fix lançado dia seg 25/08/2008 - 16:09:01,98 By Usuario

modo normal

 

************************ Procurando os arquivos presentes

 

Nenhum arquivo encontrado

 

************************ Procurando as pastas presentes

 

Nenhuma pasta encontrada

 

 

 

 

************************ Hostsclean

 

Cleanhosts v 0.1.0.7 By Laurent

 

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080825161751

-- original size 0.03 Kb / 1 lines

scan impossible. because they are Only 1 line in hosts file

 

 

End .............................. not available Secondes

 

 

 

************************ Arquivos suspeitos

 

Nenhum arquivo encontrado

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:40, on 25/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Usuario\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 4506 bytes


Yes, jgarcia my friend, unfortunately yes.

 

At least we are sure it is not an infection.

 

Thank you very much!

 

jgarcia, can you suggest anything? (Whom to look for, the possible cause of the problem, etc.)
