Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

andre campores

[Arquivado] log para avaliação

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

andre campores    0

andre campores
Postado

Olá pessoal, meu computador está apresentando um probleminha. Desde quando eu conectei um mp4 à uma de suas portas USB. Esse mp4 estava repleto de vírus, e agora qualquer dispositivo que conecto à porta USB aparece mensagem de vírus pelo Avast. Sempre que inicio a máquina encontra vírus também. Analisem o log por favor, obrigado.

 

 

 

 

 

C:\DOCUME~1\Andre\CONFIG~1\Temp\Rar$EX00.859\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll (file missing)

O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Eps_Reg.exe] C:\DOCUME~1\Andre\CONFIG~1\Temp\Eps_Reg.exe /L /NSmartCard2000

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iexplorers] C:\WINDOWS\shell.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB069D7E-48D2-4089-AA5B-8B4110362FEA}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Start BT in service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

 

--

End of file - 6528 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa andre campores,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

Abraços.

Compartilhar este post

Link para o post
Compartilhar em outros sites

andre campores    0

andre campores
Postado

jgarcia

Aí esta o log do ComboFix como solicitado

 

 

 

 

ComboFix 08-12-01.01 - Andre 2008-12-02 7:57:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.662 [GMT -3:00]

Executando de: c:\documents and settings\Andre\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Andre\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Andre\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\Andre\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\FP_AX_CAB_INSTALLER.exe

c:\documents and settings\Andre\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\swflash.inf

c:\windows\IE4 Error Log.txt

c:\windows\system\oeminfo.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_XPROTECTOR

-------\Service_XPROTECTOR

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))

.

 

2008-12-01 10:59 . 2008-12-01 11:00 <DIR> d-------- C:\HiJackThis

2008-11-27 15:18 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2008-11-27 15:18 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

2008-11-25 16:45 . 2008-11-25 16:45 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-25 16:45 . 2008-11-25 16:45 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-25 08:17 . 2008-11-25 08:17 63 --a------ c:\windows\st_affiliate.ini

2008-11-03 08:33 . 2008-11-03 08:33 7,340 --a------ C:\SA4SE006.Mem

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 18:22 --------- d-----w c:\arquivos de programas\Megacubo

2008-11-25 19:45 --------- d-----w c:\arquivos de programas\Nokia

2008-11-25 19:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-11-24 21:09 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\LimeWire

2008-11-01 14:02 --------- d-----w c:\arquivos de programas\SETOOL

2008-11-01 12:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-29 12:31 --------- d-----w c:\arquivos de programas\NHL by blackattack

2008-10-07 14:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-07 14:02 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\InstallShield

2008-08-20 12:04 24,192 ----a-w c:\documents and settings\Andre\usbsermptxp.sys

2008-08-20 12:04 22,768 ----a-w c:\documents and settings\Andre\usbsermpt.sys

2008-08-12 13:58 92,064 ----a-w c:\documents and settings\Andre\mqdmmdm.sys

2008-08-12 13:58 9,232 ----a-w c:\documents and settings\Andre\mqdmmdfl.sys

2008-08-12 13:58 79,328 ----a-w c:\documents and settings\Andre\mqdmserd.sys

2008-08-12 13:58 66,656 ----a-w c:\documents and settings\Andre\mqdmbus.sys

2008-08-12 13:58 6,208 ----a-w c:\documents and settings\Andre\mqdmcmnt.sys

2008-08-12 13:58 5,936 ----a-w c:\documents and settings\Andre\mqdmwhnt.sys

2008-08-12 13:58 4,048 ----a-w c:\documents and settings\Andre\mqdmcr.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\GsmServer\\SCout\\SCout.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2002-02-09 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2002-02-09 20560]

R2 Start BT in service;Start BT in service;c:\arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2002-02-09 29696]

R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-05-19 15328]

R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-05-19 13440]

R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2008-08-27 12800]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2008-07-04 6016]

S3 dmtoolusb;LOCOSTO Flash Interface;c:\windows\system32\Drivers\dmtoolusb.sys [2007-06-25 18304]

S3 DreamBox;Dream Box device;c:\windows\system32\Drivers\DREAMBOX.sys [2008-06-17 16768]

S3 Egatecard;Egatecard;c:\windows\system32\Drivers\egate.sys [2006-05-19 18880]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-07-04 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-07-04 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-07-04 42112]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-07-04 22272]

S3 MtbUsb;Universal Flashing Interface;c:\windows\system32\Drivers\mtbox.sys [2005-09-07 31452]

S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-06-23 3567]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-02-26 61536]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-02-26 9360]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-02-26 97088]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-02-26 88624]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-02-26 86432]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-02-26 90800]

S3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2008-08-27 21888]

S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\Drivers\UFS2XX.sys [2005-12-15 34639]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys []

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2007-06-15 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2007-06-15 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2007-06-15 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2007-06-15 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2007-06-15 86368]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-12-26 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-12-26 85696]

S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\DRIVERS\Z550bus.sys [2006-12-26 60800]

S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\DRIVERS\Z550mdfl.sys [2006-12-26 9264]

S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\DRIVERS\Z550mdm.sys [2006-12-26 96352]

S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\Z550mgmt.sys [2006-12-26 87824]

S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\Z550obex.sys [2006-12-26 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dd01f95-4455-11dd-984a-001167ab73df}]

\Shell\Auto\Command - program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd6d3ace-451b-11dd-984b-001167ab73df}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ae1301-6483-11dd-9886-001167ab73df}]

\Shell\Auto\Command - G:\program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll

BHO-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll

Toolbar-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\Andre\Configurações locais\Dados de aplicativos\CyberDefender\cdmyidd.dll

MSConfigStartUp-PCSuiteTrayApplication - c:\arquiv~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-02 08:00:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

e:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

e:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\scardsvr.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

e:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

e:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-02 8:01:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-02 11:01:12

 

Pré-execução: 18 pasta(s) 25.792.376.832 bytes disponíveis

Pós execução: 18 pasta(s) 26,280,517,632 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

177

 

 

 

 

 

 

 

 

 

Mandei tb o log do HijackThis:

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:08:25, on 2/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

C:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\success\SERVICO.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Andre\CONFIG~1\Temp\Rar$EX00.969\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB069D7E-48D2-4089-AA5B-8B4110362FEA}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Start BT in service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

 

--

End of file - 5621 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa andre campores,

 

1. Baixe o BankerFix 3.0.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. A janela do Banker Fix 3.0 abrir-se-á com a seguinte pergunta Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> clique em SIM.

 

4. Uma janela informando que o BankerFix 3.0 será baixado via internet abrir-se-á >> clique sobre OK e aguarde. Na próxima janela clique em OK mais uma vez, a fim de que o BankerFix 3.0 seja iniciado.

 

5. Pressione qualquer tecla para dar continuidade ao processo e aguarde até que a varredura se complete. Tenha paciência, pois ela pode demorar alguns minutos.

 

6. Terminado o scan, leia a mensagem na tela e aperte Enter.

 

7. Habilite o seu anti-vírus.

 

8. Retorne com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

9. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

 

PS.: Caso apareça a seguinte mensagem: Site denunciado como foco de ataques!, não se preocupe e clique sobre Ignorar este alerta.

Compartilhar este post

Link para o post
Compartilhar em outros sites

andre campores    0

andre campores
Postado

bom dia jgarcia.

 

Como solicitado, segui o procedimento solicitado.

quando pressionei qualquer tecla para continuar a varredura, apareceu a mensagem de que nao foi encontrado nenhum erro.

Na pasta indicada nao tem relatorio do bankerfix.

 

Obrigado.

Compartilhar este post

Link para o post
Compartilhar em outros sites

andre campores    0

andre campores
Postado

Abaixo, o relatório do ComboFix. Abraço.

 

 

 

 

 

 

ComboFix 08-12-01.01 - Andre 2008-12-04 8:33:59.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.620 [GMT -3:00]

Executando de: c:\documents and settings\Andre\Desktop\ComboFix.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-04 to 2008-12-04 ))))))))))))))))))))))))))))

.

 

2008-12-03 08:34 . 2008-12-03 08:35 <DIR> d-------- C:\LinhaDefensiva

2008-12-02 16:49 . 2006-07-16 22:53 30,368 -ra------ c:\windows\system32\drivers\usb2vcom.sys

2008-12-02 16:11 . 2008-12-02 16:32 <DIR> d-------- C:\HANCOCK

2008-12-01 10:59 . 2008-12-01 11:00 <DIR> d-------- C:\HiJackThis

2008-11-27 15:18 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2008-11-27 15:18 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

2008-11-25 16:45 . 2008-11-25 16:45 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-25 16:45 . 2008-11-25 16:45 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-25 08:17 . 2008-11-25 08:17 63 --a------ c:\windows\st_affiliate.ini

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 18:53 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\LimeWire

2008-12-02 19:52 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\PC Suite

2008-12-02 19:52 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\Nokia

2008-12-02 19:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2008-12-02 19:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-12-02 19:02 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-11-26 18:22 --------- d-----w c:\arquivos de programas\Megacubo

2008-11-25 19:45 --------- d-----w c:\arquivos de programas\Nokia

2008-11-25 19:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-11-01 14:02 --------- d-----w c:\arquivos de programas\SETOOL

2008-10-29 12:31 --------- d-----w c:\arquivos de programas\NHL by blackattack

2008-10-07 14:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-07 14:02 --------- d-----w c:\documents and settings\Andre\Dados de aplicativos\InstallShield

2008-08-20 12:04 24,192 ----a-w c:\documents and settings\Andre\usbsermptxp.sys

2008-08-20 12:04 22,768 ----a-w c:\documents and settings\Andre\usbsermpt.sys

2008-08-12 13:58 92,064 ----a-w c:\documents and settings\Andre\mqdmmdm.sys

2008-08-12 13:58 9,232 ----a-w c:\documents and settings\Andre\mqdmmdfl.sys

2008-08-12 13:58 79,328 ----a-w c:\documents and settings\Andre\mqdmserd.sys

2008-08-12 13:58 66,656 ----a-w c:\documents and settings\Andre\mqdmbus.sys

2008-08-12 13:58 6,208 ----a-w c:\documents and settings\Andre\mqdmcmnt.sys

2008-08-12 13:58 5,936 ----a-w c:\documents and settings\Andre\mqdmwhnt.sys

2008-08-12 13:58 4,048 ----a-w c:\documents and settings\Andre\mqdmcr.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-02_ 8.00.56.87 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-04-04 12:17:04 30,336 ----a-w c:\windows\ARK\usb2vcom.sys

+ 2006-07-17 12:53:20 30,368 ----a-w c:\windows\ARK\usb2vcom.sys

+ 2008-05-20 13:37:00 525,824 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll

- 2006-09-28 21:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys

+ 2006-09-16 01:29:52 76,544 ------w c:\windows\system32\drivers\WudfPf.sys

- 2006-09-28 22:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys

+ 2006-09-16 01:30:10 82,688 ------w c:\windows\system32\drivers\WudfRd.sys

- 2008-12-02 10:51:23 132,360 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-04 11:12:11 133,116 ----a-w c:\windows\system32\perfc009.dat

- 2008-12-02 10:51:23 171,090 ----a-w c:\windows\system32\perfc016.dat

+ 2008-12-04 11:12:11 172,092 ----a-w c:\windows\system32\perfc016.dat

- 2008-12-02 10:51:23 474,244 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-04 11:12:11 475,576 ----a-w c:\windows\system32\perfh009.dat

- 2008-12-02 10:51:23 600,202 ----a-w c:\windows\system32\perfh016.dat

+ 2008-12-04 11:12:11 602,296 ----a-w c:\windows\system32\perfh016.dat

- 2006-09-28 23:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll

+ 2006-09-16 02:30:16 87,040 ------w c:\windows\system32\WUDFCoinstaller.dll

- 2006-09-28 21:56:38 146,432 ------w c:\windows\system32\WudfHost.exe

+ 2006-09-16 02:30:06 142,848 ------w c:\windows\system32\WudfHost.exe

- 2006-09-28 21:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll

+ 2006-09-16 01:29:54 163,840 ------w c:\windows\system32\WudfPlatform.dll

- 2006-09-28 21:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll

+ 2006-09-16 02:30:16 55,296 ------w c:\windows\system32\WudfSvc.dll

+ 2008-05-20 13:32:30 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll

- 2006-09-28 21:56:38 316,416 ------w c:\windows\system32\WUDFx.dll

+ 2006-09-16 02:30:16 308,224 ------w c:\windows\system32\WUDFx.dll

+ 2008-12-04 11:07:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_69c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\GsmServer\\SCout\\SCout.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2002-02-09 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2002-02-09 20560]

R2 Start BT in service;Start BT in service;c:\arquivos de programas\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2002-02-09 29696]

R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-05-19 15328]

R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-05-19 13440]

R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2008-08-27 12800]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2008-07-04 6016]

S3 dmtoolusb;LOCOSTO Flash Interface;c:\windows\system32\Drivers\dmtoolusb.sys [2007-06-25 18304]

S3 DreamBox;Dream Box device;c:\windows\system32\Drivers\DREAMBOX.sys [2008-06-17 16768]

S3 Egatecard;Egatecard;c:\windows\system32\Drivers\egate.sys [2006-05-19 18880]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-07-04 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-07-04 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-07-04 42112]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-07-04 22272]

S3 MtbUsb;Universal Flashing Interface;c:\windows\system32\Drivers\mtbox.sys [2005-09-07 31452]

S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-06-23 3567]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-02-26 61536]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-02-26 9360]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-02-26 97088]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-02-26 88624]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-02-26 86432]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-02-26 90800]

S3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2008-08-27 21888]

S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\Drivers\UFS2XX.sys [2005-12-15 34639]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2008-12-02 30368]

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2007-06-15 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2007-06-15 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2007-06-15 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2007-06-15 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2007-06-15 86368]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-12-26 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-12-26 85696]

S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\DRIVERS\Z550bus.sys [2006-12-26 60800]

S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\DRIVERS\Z550mdfl.sys [2006-12-26 9264]

S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\DRIVERS\Z550mdm.sys [2006-12-26 96352]

S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\Z550mgmt.sys [2006-12-26 87824]

S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\Z550obex.sys [2006-12-26 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dd01f95-4455-11dd-984a-001167ab73df}]

\Shell\Auto\Command - program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9af263ef-c12c-11dd-9906-001167ab73df}]

\Shell\AutoRun\command - m2nl.bat

\Shell\explore\Command - m2nl.bat

\Shell\open\Command - m2nl.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd6d3ace-451b-11dd-984b-001167ab73df}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ae1301-6483-11dd-9886-001167ab73df}]

\Shell\Auto\Command - G:\program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

*Newly Created Service* - CATCHME

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-04 08:34:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-12-04 8:34:53

ComboFix-quarantined-files.txt 2008-12-04 11:34:48

ComboFix2.txt 2008-12-04 11:33:06

ComboFix3.txt 2008-12-02 11:01:15

 

Pré-execução: 20 pasta(s) 21.502.820.352 bytes disponíveis

Pós execução: 20 pasta(s) 21,488,345,088 bytes disponíveis

 

180

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa andre campores,

 

Desculpe a imensa demora, pois neste fim de ano ando muito atribulado.

 

Caso ainda haja interesse de sua parte, poste uma nova resposta, a fim de que possamos dar continuidade ao tópico.

 

Abraços e desculpe mais uma vez. :thumbsup:

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito