
Archived

This topic has been archived and is closed to new replies.

Mário Monteiro

[Solved!] Log Analysis - Action Without Command

Good afternoon

Since yesterday a message has been appearing while I browse

(screenshot: telavc2.jpg)

But I never went to the site it mentions, nor do I have any intention to, so maybe I'm infected by this Lusitanian method of stealing passwords

If you can, I'd appreciate the analysis

Regards

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:47:00, on 23/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Minimodem USB\Minimodem USB.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B5DE89-1C90-4D07-A259-17EFEAF4304A}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

 

--

End of file - 10324 bytes

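The log above is read by hand on this forum, but the first pass a helper makes is mechanical. As an added example (not part of the original post, and not code from HijackThis or Trend Micro), here is a small Python triage script that applies those first-pass rules: O2 BHOs whose DLL is missing, O4 autoruns launched from user-writable paths, O16 ActiveX download sites, O17 NameServer entries that are globally routable, and O23 services with no vendor. The sample lines are constructed to mirror the shape of the log above; a finding means "verify", not "malicious", since legitimate software (a per-user updater under AppData, a bank's browser plugin) trips the same rules.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in the shape of a HijackThis 2.0.2 log (hypothetical lines,
# chosen so that each rule below fires at least once; not the full log above).
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKCU\\..\\Run: [Google Update] "C:\\Users\\Mario\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{F8B5DE89-1C90-4D07-A259-17EFEAF4304A}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: Gbp Service (GbpSv) - - C:\\PROGRA~1\\GbPlugin\\GbpSv.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\\Windows\\System32\\STacSV.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# HijackThis separates fields with " - ". Lookarounds (instead of splitting on the
# literal " - ") let an empty field, written "name - - path", still split into three.
FIELD_SEP = re.compile(r"(?<= )-(?= )")
# Executable of an O4 command line: the quoted path, or the unquoted text up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.I)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


def fields(body, n):
    """Split a HijackThis entry body into at most n+1 stripped fields."""
    return [f.strip() for f in FIELD_SEP.split(body, maxsplit=n)]


def public_nameservers(value):
    """Return the NameServer addresses that are globally routable (not RFC 1918 etc.)."""
    out = []
    for tok in re.split(r"[\s,]+", value.strip()):
        try:
            if tok and ipaddress.ip_address(tok).is_global:
                out.append(tok)
        except ValueError:
            continue  # not an IP literal
    return out


def triage(log_text):
    """Return first-pass findings as dicts {section, reason, detail}.

    A finding means "verify by hand", not "malicious": the same rules fire on
    legitimate software (per-user updaters, bank plugins, OEM services).
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")

        if sec == "O2":  # BHO: <name> - {CLSID} - <dll>
            f = fields(body, 2)
            if len(f) == 3 and f[2] == "(no file)":
                findings.append({"section": sec, "detail": f[1],
                                 "reason": "BHO CLSID registered but DLL missing (orphan, safe to fix)"})

        elif sec == "O4":  # <hive>\..\Run: [<name>] <command line>
            cmd = body.split("] ", 1)[1] if "] " in body else ""
            em = EXE_RE.match(cmd)
            exe = (em.group(1) or em.group(2)) if em else ""
            if any(k in exe.lower() for k in USER_WRITABLE):
                findings.append({"section": sec, "detail": exe,
                                 "reason": "autorun from a user-writable path; confirm publisher"})

        elif sec == "O16":  # DPF: {CLSID} (<class>) - <url of the .cab>
            url = fields(body, 1)[-1]
            findings.append({"section": sec, "detail": urlparse(url).hostname or url,
                             "reason": "ActiveX download site (DPF); confirm the host is expected"})

        elif sec == "O17":  # ...: NameServer = <ip>[ <ip>...]
            for ip in public_nameservers(body.partition("NameServer =")[2]):
                findings.append({"section": sec, "detail": ip,
                                 "reason": "public DNS server; confirm it belongs to the ISP or router"})

        elif sec == "O23":  # Service: <name> - <vendor> - <path>
            f = fields(body, 2)
            if len(f) == 3 and f[1].lower() in ("", "unknown owner"):
                findings.append({"section": sec, "detail": f[2],
                                 "reason": "service with no/unknown vendor; check file signature"})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['section']:<4} {hit['reason']}: {hit['detail']}")
```

Run it against a saved hijackthis.log by passing the file contents to triage(). The O17 rule deliberately does not decide whether a public resolver is good or bad; it only surfaces it so the reader can compare it with what the ISP or router should be handing out.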

• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs when running Malwarebytes.

• Send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an updated HijackThis log.


Malwarebytes didn't detect anything, but here are the requested logs

 

Malwarebytes' Anti-Malware 1.31

Database version: 1542

Windows 6.0.6001 Service Pack 1

 

24/12/2008 18:24:00

mbam-log-2008-12-24 (18-24-00).txt

 

Scan type: Quick

Objects scanned: 21406

Time elapsed: 1 minute(s), 49 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:26:38, on 24/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Minimodem USB\Minimodem USB.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\Taskmgr.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\HijackThis\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B5DE89-1C90-4D07-A259-17EFEAF4304A}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

 

--

End of file - 10530 bytes


Mário Monteiro,

 

Since you're already a regular here, post the ComboFix log from the machine in question;

ComboFix 08-12-24.01 - Mário Monteiro 2008-12-25 14:26:55.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.2813.1925 [GMT -3:00]

Running from: c:\hijackthis\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_GbpSv

 

 

(((((((((((((((( Files created from 2008-11-25 to 2008-12-25 ))))))))))))))))))))))))))))

.

 

2008-12-24 18:07 . 2008-12-24 18:07 <DIR> d-------- c:\users\Mário Monteiro\AppData\Roaming\Malwarebytes

2008-12-24 18:07 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-24 18:07 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-24 18:06 . 2008-12-24 18:06 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-24 18:06 . 2008-12-24 18:06 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-23 17:43 . 2008-12-25 14:13 <DIR> d-------- C:\HijackThis

2008-12-23 13:39 . 2008-12-23 13:39 <DIR> d-------- c:\windows\System32\0416

2008-12-23 13:39 . 2008-12-23 13:39 <DIR> d-------- C:\inetpub

2008-12-17 19:27 . 2008-12-17 19:27 <DIR> d-------- c:\program files\Common Files\Adobe

2008-12-17 12:11 . 2008-12-17 14:27 <DIR> d-------- c:\users\Mário Monteiro\AppData\Roaming\Spybot - Search & Destroy

2008-12-16 21:40 . 2008-12-16 21:40 <DIR> d-------- c:\program files\CCleaner

2008-12-16 15:49 . 2008-12-16 15:49 <DIR> d-------- c:\program files\MSECache

2008-12-12 06:49 . 2008-12-12 06:49 <DIR> d-------- c:\program files\FLV Player

2008-12-11 16:40 . 2008-12-11 16:40 <DIR> d-------- c:\program files\FTP Commander

2008-12-09 21:29 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-09 21:01 . 2008-10-31 22:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-09 21:01 . 2008-11-01 00:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-09 20:54 . 2008-10-16 01:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-09 20:49 . 2008-06-22 22:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-09 20:49 . 2008-06-22 22:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-09 20:49 . 2008-06-22 22:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-09 20:43 . 2008-10-29 03:29 2,927,104 --a------ c:\windows\explorer.exe

2008-12-09 20:43 . 2008-10-21 02:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-09 14:13 . 2008-12-09 14:14 <DIR> d-------- c:\program files\GbPlugin

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\users\All Users\Avira

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\programdata\Avira

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\program files\Avira

2008-11-27 14:22 . 2008-11-27 14:22 <DIR> d-------- c:\users\Mário Monteiro\HODCCacesso.serpro.gov.br

2008-11-27 14:22 . 2008-11-27 14:22 <DIR> d-------- c:\users\Mário Monteiro\HODCCacesso.serpro.gov.br

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbser6k.sys

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbnmea.sys

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbmdm6k.sys

2008-11-27 06:52 . 2008-12-20 14:58 <DIR> d-------- c:\program files\Minimodem USB

2008-11-25 17:58 . 2008-08-28 00:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-25 17:58 . 2008-08-28 00:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-25 17:58 . 2008-08-28 00:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-25 17:36 . 2008-10-22 00:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-25 16:55 . 2008-10-21 02:25 1,645,568 --a------ c:\windows\System32\connect.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-25 17:34 2,883,584 --sha-w c:\users\Mário Monteiro\ntuser.dat

2008-12-25 17:34 2,883,584 --sha-w c:\users\Mário Monteiro\ntuser.dat

2008-12-24 23:52 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-24 23:24 --------- d-----w c:\program files\Hewlett-Packard

2008-12-24 22:02 --------- d-----w c:\programdata\Hewlett-Packard

2008-12-24 21:07 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Malwarebytes

2008-12-24 00:23 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\SiteAdvisor

2008-12-23 11:46 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Hewlett-Packard

2008-12-23 03:44 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Macromedia

2008-12-18 20:59 --------- d-s---w c:\users\Mário Monteiro\AppData\Roaming\Microsoft

2008-12-18 17:58 --------- d-----w c:\programdata\Spybot - Search & Destroy

2008-12-17 17:27 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Spybot - Search & Destroy

2008-12-16 17:45 --------- d---a-w c:\programdata\TEMP

2008-12-10 02:59 --------- d-----w c:\program files\Windows Mail

2008-12-09 17:14 --------- d-----w c:\programdata\GbPlugin

2008-11-30 12:16 --------- d-----w c:\program files\Comodo

2008-11-30 12:01 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-30 11:54 --------- d-----w c:\programdata\Symantec

2008-11-29 12:54 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Adobe

2008-11-23 12:07 --------- d-----w c:\program files\SoftLogica

2008-11-22 22:46 --------- d-----w c:\programdata\CyberLink

2008-11-22 22:41 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\CyberLink

2008-11-17 22:10 --------- d-----w c:\program files\Macromedia

2008-11-17 22:10 --------- d-----w c:\program files\Common Files\Macromedia

2008-11-17 14:50 --------- d-----w c:\program files\Microsoft.NET

2008-11-17 14:37 --------- d-----w c:\programdata\Microsoft Help

2008-11-17 14:37 --------- d-----w c:\program files\Microsoft Works

2008-11-16 17:47 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-16 17:01 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Comodo

2008-11-16 17:01 --------- d-----w c:\programdata\Comodo

2008-11-16 16:44 --------- d-----w c:\program files\PluginLetras

2008-11-15 03:13 410,976 ----a-w c:\windows\System32\deploytk.dll

2008-11-15 03:12 --------- d-----w c:\program files\Java

2008-11-15 02:33 --------- d-----w c:\programdata\SiteAdvisor

2008-11-15 02:33 --------- d-----w c:\programdata\McAfee

2008-11-14 17:27 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Mozilla

2008-11-14 16:38 --------- d-----w c:\program files\MSXML 4.0

2008-11-14 15:31 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Symantec

2008-11-14 15:31 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\ATI

2008-11-14 15:30 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Identities

2008-11-14 15:30 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\DigitalPersona

2008-11-14 15:25 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion DV5_Y5335KV_0U_QBRG837F0WG_EFW948LA#AC4_4A_I30F2_SHP_V98.21_F.08_T080723_WV3-1_L416_M2814_J250_7AMD_8F31_92.00_#081114_N10EC8136;168C001C_(FW948LA#AC4)_XMOBILE_CN10_Z_2Rev 1_G10029612.MRK

2008-11-14 15:25 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Macrovision

2008-11-14 15:20 --------- d-sh--w c:\programdata\Modelos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Menu Iniciar

2008-11-14 15:20 --------- d-sh--w c:\programdata\Favoritos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Documentos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Dados de aplicativos

2008-11-14 15:20 --------- d-sh--w c:\program files\Common Files\Sistema

2008-11-14 15:20 --------- d-sh--w c:\program files\Arquivos Comuns

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-22 18:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 16:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 15:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-06 13:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Google Update"="c:\users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2008-10-24 396864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{969EF85A-5FE4-45E5-A9B5-90103052413D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{6A3CD556-B43C-4A70-942A-D857C069EB8F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{70CB9CC0-000D-4241-85F0-689A216F21A0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{43C829A2-0BA3-46E9-817C-9D3A1A2554B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{02B28585-9898-4531-8567-8809DE66AE2A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{57D0EAA5-D8D7-49EF-924F-3917A0C06393}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-09-12 15416]

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081126.002\IDSvix86.sys [2008-11-27 270384]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-09-12 73728]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-04-14 81920]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 24880]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-09-12 341328]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-16 600912]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]

R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-09-12 193840]

R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]

R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-11-27 100352]

R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-11-27 100352]

R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-11-27 100352]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]

S3 WMSvc;Serviço de Gerenciamento da Web;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-20 11264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e70dde3-b256-11dd-986c-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89892286-b261-11dd-96d0-0021866b5780}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f8e160-bd68-11dd-a08c-0021866b5780}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e598af2-bed8-11dd-83c7-0021866b5780}]

\shell\AutoRun\command - System\Security\DriveGuard.exe -run

\shell\Explore\Command - System\Security\DriveGuard.exe -run

\shell\Open\Command - System\Security\DriveGuard.exe -run

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fb6a43-bc65-11dd-873f-0021866b5780}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ddfb23-cda9-11dd-9036-0021866b5780}]

\shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03036c4-b2aa-11dd-9ca4-001e6898d2c5}]

\shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0303757-b2aa-11dd-9ca4-001e6898d2c5}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef733f67-bc88-11dd-af7a-806e6f6e6963}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0dda249-b376-11dd-8d63-0021866b5780}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\users\M []

 

2008-12-24 c:\windows\Tasks\User_Feed_Synchronization-{FE44F8E1-18AF-43EE-BB19-89F7E3DBB9D0}.job

- c:\windows\system32\msfeedssync.exe [2008-01-20 23:24]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-25 14:33:20

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(712)

c:\windows\system32\DPPWDFLT.dll

 

- - - - - - - > 'Explorer.exe'(5268)

c:\program files\DigitalPersona\Bin\DpoFeedb.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\wlanext.exe

c:\program files\DigitalPersona\Bin\DpHostW.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\inetsrv\inetinfo.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\conime.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-25 14:44:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-25 17:44:41

 

Pré-execução: 164.527.357.952 bytes disponíveis

Pós execução: 164,271,149,056 bytes disponíveis

 

285 --- E O F --- 2008-12-22 20:05:20


Hello Mario, send the file below for analysis on VirusTotal and post the results.

 

c:\program files\Common Files\LightScribe\LSRunOnce.exe <- file

 

I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

E:\AutoRun.exe

F:\AutoRun.exe

f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

c:\windows\Tasks\GoogleUpdateTaskUser.job

Folder::

c:\program files\desktop.ini

c:\program files\GbPlugin\gbiehcef.dll

Registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"=dword:00000001

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e70dde3-b256-11dd-986c-806e6f6e6963}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89892286-b261-11dd-96d0-0021866b5780}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f8e160-bd68-11dd-a08c-0021866b5780}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e598af2-bed8-11dd-83c7-0021866b5780}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fb6a43-bc65-11dd-873f-0021866b5780}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ddfb23-cda9-11dd-9036-0021866b5780}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03036c4-b2aa-11dd-9ca4-001e6898d2c5}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0303757-b2aa-11dd-9ca4-001e6898d2c5}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef733f67-bc88-11dd-af7a-806e6f6e6963}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0dda249-b376-11dd-8d63-0021866b5780}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

 

PS: This procedure must be done with the pen drive connected.

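The conditions the helper's script above reverts (Security Center monitoring off, firewall off in every profile, MountPoints2 commands pointing at programs on removable drives) can be picked out of a ComboFix log mechanically. The Python triage below is an added example, not part of this thread or of ComboFix; its SAMPLE_LOG is constructed in the same format as the log above with made-up GUIDs and SID, and only the file names (AutoRun.exe, ise32.exe, DriveGuard.exe) come from the thread.

```python
"""Triage the 'Pontos de Carregamento do Registro' block of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the
REGEDIT4-style dump and flags what the helper's CFScript reverts: Security
Center monitoring off, Windows Firewall off per profile, and MountPoints2
shell commands that run a program when a removable drive is inserted or
opened. SAMPLE_LOG is constructed (made-up GUIDs and SID).
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000001-0000-0000-0000-000000000001}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000002-0000-0000-0000-000000000002}]
\shell\AutoRun\command - f:\restore\S-1-5-21-1111111111-2222222222-3333333333-1013\ise32.exe
\shell\open\command - f:\restore\S-1-5-21-1111111111-2222222222-3333333333-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000003-0000-0000-0000-000000000003}]
\shell\AutoRun\command - System\Security\DriveGuard.exe -run
\shell\Explore\Command - System\Security\DriveGuard.exe -run
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
SHELL_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
SID_DIR_RE = re.compile(r"S-1-5-21(?:-\d+){3,4}", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    key: str
    detail: str


def parse_sections(text):
    """Return [(key, [value lines])] for every [KEY] block in the dump."""
    sections, key, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                sections.append((key, body))
            key, body = m.group(1), []
        elif key is not None:
            body.append(line)
    if key is not None:
        sections.append((key, body))
    return sections


def dword_value(rhs):
    """Read a DWORD in either form ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    rhs = rhs.strip()
    if rhs.lower().startswith("dword:"):
        return int(rhs[6:], 16)
    m = re.match(r"\d+", rhs)
    return int(m.group(0)) if m else None


def classify_drive_command(verb, target):
    """Rate one MountPoints2 shell\\<verb>\\command entry for a removable drive."""
    if verb in ("open", "explore"):
        # Default verb replaced: target runs on double-click, whatever AutoPlay says.
        return "high", f"{verb} verb overridden -> {target}"
    if SID_DIR_RE.search(target):
        # A folder named like a SID on a removable drive is no place for a program.
        return "high", f"program in a SID-named folder -> {target}"
    if not DRIVE_PATH_RE.match(target):
        # Relative path: resolved against the drive root when it is mounted.
        return "medium", f"relative AutoRun target -> {target}"
    return "low", f"AutoRun command on a removable drive -> {target}"


def triage(text):
    """Flag weakened defences and removable-drive hooks; returns a Finding list."""
    findings = []
    for key, body in parse_sections(text):
        lkey = key.lower()
        for line in body:
            vm = VALUE_RE.match(line)
            if vm and "security center\\monitoring" in lkey and vm.group(1) == "DisableMonitoring":
                if dword_value(vm.group(2)) == 1:
                    findings.append(Finding("security-center-monitoring-off", "high", key, line))
            elif vm and "\\firewallpolicy\\" in lkey and vm.group(1) == "EnableFirewall":
                if dword_value(vm.group(2)) == 0:
                    findings.append(Finding("firewall-off", "high", key, key.rsplit("\\", 1)[-1]))
            elif "\\mountpoints2\\" in lkey:
                sm = SHELL_RE.match(line)
                if sm:
                    sev, detail = classify_drive_command(sm.group(1).lower(), sm.group(2).strip())
                    findings.append(Finding("mountpoints2-command", sev, key, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Run against the real log, the same rules fire on the Monitoring key, all three firewall profiles, and every MountPoints2 entry the helper's script deletes.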
VIRUS TOTAL

File LSRunOnce.exe received on 2008.12.26 14:52:37 (CET)

Status: finished

Result: 0/39 (0%)

 

Antivirus Version Last update Result

a-squared 4.0.0.73 2008.12.26 -

AhnLab-V3 2008.12.25.0 2008.12.26 -

AntiVir 7.9.0.45 2008.12.25 -

Authentium 5.1.0.4 2008.12.25 -

Avast 4.8.1281.0 2008.12.26 -

AVG 8.0.0.199 2008.12.25 -

BitDefender 7.2 2008.12.26 -

CAT-QuickHeal 10.00 2008.12.26 -

ClamAV 0.94.1 2008.12.26 -

Comodo 819 2008.12.26 -

DrWeb 4.44.0.09170 2008.12.26 -

eSafe 7.0.17.0 2008.12.24 -

eTrust-Vet 31.6.6276 2008.12.24 -

Ewido 4.0 2008.12.26 -

F-Prot 4.4.4.56 2008.12.24 -

F-Secure 8.0.14332.0 2008.12.26 -

Fortinet 3.117.0.0 2008.12.26 -

GData 19 2008.12.26 -

Ikarus T3.1.1.45.0 2008.12.26 -

K7AntiVirus 7.10.567 2008.12.26 -

Kaspersky 7.0.0.125 2008.12.26 -

McAfee 5474 2008.12.24 -

McAfee+Artemis 5474 2008.12.24 -

Microsoft 1.4205 2008.12.26 -

NOD32 3718 2008.12.26 -

Norman 5.80.02 2008.12.26 -

Panda 9.0.0.4 2008.12.26 -

PCTools 4.4.2.0 2008.12.26 -

Prevx1 V2 2008.12.26 -

Rising 21.09.42.00 2008.12.26 -

SecureWeb-Gateway 6.7.6 2008.12.25 -

Sophos 4.37.0 2008.12.26 -

Sunbelt 3.2.1809.2 2008.12.22 -

Symantec 10 2008.12.26 -

TheHacker 6.3.1.4.199 2008.12.23 -

TrendMicro 8.700.0.1004 2008.12.26 -

VBA32 3.12.8.10 2008.12.25 -

ViRobot 2008.12.26.1536 2008.12.26 -

VirusBuster 4.5.11.0 2008.12.25 -

Additional information

File size: 451872 bytes

MD5...: e08eda1f8f90f1b52809f9094e552ef5

SHA1..: 6c0c4df53929570a6fa1cc11db8331f9805fe718

SHA256: fffdd6caa930c2b2c73d36de15ba5cef7559d7e6145bb9b0fea8516c7e91df8d

SHA512: 583b8dad1280222eef7a52932e34b35056e80a92b41d1b9cccaf465018e272ba1a4c6b9eea8ea133d316de5af116c312cad80b4090f4fa1e35e4e40d03745dd5

ssdeep: 3072:4h36GfazuiNRLJMoVxdyQatLlUUjSVVpWgLu68kWl9bOCS/Guz1t2xA15Q/00bKf:4hq6gNlJMKVACUM/9LPWiJ8PzC

PEiD..: -

TrID..: File type identification

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x40a24c

timedatestamp.....: 0x47c48d6e (Tue Feb 26 22:06:38 2008)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1d5a4 0x1e000 6.65 37ea52f69aabe87e1ace0c6ec4ad0a37

.rdata 0x1f000 0x500e 0x6000 4.56 a836b68b97487fc704674bcc239b11ad

.data 0x25000 0x3768 0x2000 3.04 eed3f9447e731aedaf43317104f13ecf

.rsrc 0x29000 0x452c8 0x46000 5.08 92396e0b956fb96d4ad9668e1b645d1b

 

( 5 imports )

> KERNEL32.dll: lstrlenW, CompareStringA, CompareStringW, SetEnvironmentVariableA, CreateFileA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, FindResourceExA, FindResourceA, LoadResource, LockResource, SizeofResource, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, WriteConsoleA, ReadFile, GetLocaleInfoW, GetTimeZoneInformation, LoadLibraryA, InterlockedIncrement, InterlockedDecrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, RaiseException, VirtualAlloc, GetProcAddress, GetModuleHandleA, RtlUnwind, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetStartupInfoA, GetCPInfo, LCMapStringA, LCMapStringW, GetOEMCP, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, VirtualFree, HeapCreate, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetFullPathNameA, GetCurrentDirectoryA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle

> USER32.dll: UnregisterClassA

> ADVAPI32.dll: ReportEventA, DeregisterEventSource, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegisterEventSourceA

> SHELL32.dll: SHGetFolderPathW

> OLEAUT32.dll: -, -

 

( 0 exports )

 

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by a single product, the results DO NOT guarantee that a file is harmless. Currently, no solution offers 100% effectiveness in detecting viruses and malicious files.

 

ComboFix 08-12-24.01 - Mário Monteiro 2008-12-26 8:52:43.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.2813.1805 [GMT -3:00]

Executando de: c:\users\Mário Monteiro\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Mário Monteiro\Desktop\CFScript.txt

 

FILE ::

c:\windows\Tasks\GoogleUpdateTaskUser.job

E:\AutoRun.exe

F:\AutoRun.exe

f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\desktop.ini\

c:\program files\GbPlugin\gbiehcef.dll\

c:\windows\Tasks\GoogleUpdateTaskUser.job

G:\autorun.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-26 to 2008-12-26 ))))))))))))))))))))))))))))

.

 

2008-12-24 18:07 . 2008-12-24 18:07 <DIR> d-------- c:\users\Mário Monteiro\AppData\Roaming\Malwarebytes

2008-12-24 18:07 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-24 18:07 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-24 18:06 . 2008-12-24 18:06 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-24 18:06 . 2008-12-24 18:06 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-23 17:43 . 2008-12-25 14:13 <DIR> d-------- C:\HijackThis

2008-12-23 13:39 . 2008-12-23 13:39 <DIR> d-------- c:\windows\System32\0416

2008-12-23 13:39 . 2008-12-23 13:39 <DIR> d-------- C:\inetpub

2008-12-17 19:27 . 2008-12-17 19:27 <DIR> d-------- c:\program files\Common Files\Adobe

2008-12-17 12:11 . 2008-12-17 14:27 <DIR> d-------- c:\users\Mário Monteiro\AppData\Roaming\Spybot - Search & Destroy

2008-12-16 21:40 . 2008-12-16 21:40 <DIR> d-------- c:\program files\CCleaner

2008-12-16 15:49 . 2008-12-16 15:49 <DIR> d-------- c:\program files\MSECache

2008-12-12 06:49 . 2008-12-12 06:49 <DIR> d-------- c:\program files\FLV Player

2008-12-11 16:40 . 2008-12-11 16:40 <DIR> d-------- c:\program files\FTP Commander

2008-12-09 21:29 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-09 21:01 . 2008-10-31 22:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-09 21:01 . 2008-11-01 00:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-09 20:54 . 2008-10-16 01:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-09 20:49 . 2008-06-22 22:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-09 20:49 . 2008-06-22 22:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-09 20:49 . 2008-06-22 22:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-09 20:43 . 2008-10-29 03:29 2,927,104 --a------ c:\windows\explorer.exe

2008-12-09 20:43 . 2008-10-21 02:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-09 14:13 . 2008-12-09 14:14 <DIR> d-------- c:\program files\GbPlugin

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\users\All Users\Avira

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\programdata\Avira

2008-11-30 08:52 . 2008-11-30 08:52 <DIR> d-------- c:\program files\Avira

2008-11-27 14:22 . 2008-11-27 14:22 <DIR> d-------- c:\users\Mário Monteiro\HODCCacesso.serpro.gov.br

2008-11-27 14:22 . 2008-11-27 14:22 <DIR> d-------- c:\users\Mário Monteiro\HODCCacesso.serpro.gov.br

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbser6k.sys

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbnmea.sys

2008-11-27 06:53 . 2008-01-08 08:39 100,352 --a------ c:\windows\System32\drivers\ONDAusbmdm6k.sys

2008-11-27 06:52 . 2008-12-20 14:58 <DIR> d-------- c:\program files\Minimodem USB

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-26 12:01 2,883,584 --sha-w c:\users\Mário Monteiro\ntuser.dat

2008-12-26 12:01 2,883,584 --sha-w c:\users\Mário Monteiro\ntuser.dat

2008-12-24 23:52 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-24 23:24 --------- d-----w c:\program files\Hewlett-Packard

2008-12-24 22:02 --------- d-----w c:\programdata\Hewlett-Packard

2008-12-24 21:07 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Malwarebytes

2008-12-24 00:23 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\SiteAdvisor

2008-12-23 11:46 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Hewlett-Packard

2008-12-23 03:44 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Macromedia

2008-12-18 20:59 --------- d-s---w c:\users\Mário Monteiro\AppData\Roaming\Microsoft

2008-12-18 17:58 --------- d-----w c:\programdata\Spybot - Search & Destroy

2008-12-17 17:27 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Spybot - Search & Destroy

2008-12-16 17:45 --------- d---a-w c:\programdata\TEMP

2008-12-10 02:59 --------- d-----w c:\program files\Windows Mail

2008-12-09 17:14 --------- d-----w c:\programdata\GbPlugin

2008-11-30 12:16 --------- d-----w c:\program files\Comodo

2008-11-30 12:01 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-30 11:54 --------- d-----w c:\programdata\Symantec

2008-11-29 12:54 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Adobe

2008-11-23 12:07 --------- d-----w c:\program files\SoftLogica

2008-11-22 22:46 --------- d-----w c:\programdata\CyberLink

2008-11-22 22:41 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\CyberLink

2008-11-17 22:10 --------- d-----w c:\program files\Macromedia

2008-11-17 22:10 --------- d-----w c:\program files\Common Files\Macromedia

2008-11-17 14:50 --------- d-----w c:\program files\Microsoft.NET

2008-11-17 14:37 --------- d-----w c:\programdata\Microsoft Help

2008-11-17 14:37 --------- d-----w c:\program files\Microsoft Works

2008-11-16 17:47 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-16 17:01 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Comodo

2008-11-16 17:01 --------- d-----w c:\programdata\Comodo

2008-11-16 16:44 --------- d-----w c:\program files\PluginLetras

2008-11-15 03:13 410,976 ----a-w c:\windows\System32\deploytk.dll

2008-11-15 03:12 --------- d-----w c:\program files\Java

2008-11-15 02:33 --------- d-----w c:\programdata\SiteAdvisor

2008-11-15 02:33 --------- d-----w c:\programdata\McAfee

2008-11-14 17:27 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Mozilla

2008-11-14 16:38 --------- d-----w c:\program files\MSXML 4.0

2008-11-14 15:31 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Symantec

2008-11-14 15:31 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\ATI

2008-11-14 15:30 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Identities

2008-11-14 15:30 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\DigitalPersona

2008-11-14 15:25 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion DV5_Y5335KV_0U_QBRG837F0WG_EFW948LA#AC4_4A_I30F2_SHP_V98.21_F.08_T080723_WV3-1_L416_M2814_J250_7AMD_8F31_92.00_#081114_N10EC8136;168C001C_(FW948LA#AC4)_XMOBILE_CN10_Z_2Rev 1_G10029612.MRK

2008-11-14 15:25 --------- d-----w c:\users\Mário Monteiro\AppData\Roaming\Macrovision

2008-11-14 15:20 --------- d-sh--w c:\programdata\Modelos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Menu Iniciar

2008-11-14 15:20 --------- d-sh--w c:\programdata\Favoritos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Documentos

2008-11-14 15:20 --------- d-sh--w c:\programdata\Dados de aplicativos

2008-11-14 15:20 --------- d-sh--w c:\program files\Common Files\Sistema

2008-11-14 15:20 --------- d-sh--w c:\program files\Arquivos Comuns

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-22 18:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 16:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 15:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-06 13:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll

2008-09-30 18:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-25_14.36.00.81 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-25 17:31:25 1,634 ----a-w c:\windows\bthservsdp.dat

+ 2008-12-26 11:56:25 1,634 ----a-w c:\windows\bthservsdp.dat

- 2008-12-25 17:33:13 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-12-26 12:00:24 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

- 2008-12-25 17:33:13 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-12-26 12:00:24 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

- 2008-12-25 16:38:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-12-26 01:21:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-12-25 16:38:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-26 01:21:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-25 16:38:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-12-26 01:21:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-25 16:45:32 124,710 ----a-w c:\windows\System32\perfc009.dat

+ 2008-12-26 11:56:02 124,710 ----a-w c:\windows\System32\perfc009.dat

- 2008-12-25 16:45:32 655,270 ----a-w c:\windows\System32\perfh009.dat

+ 2008-12-26 11:56:02 655,270 ----a-w c:\windows\System32\perfh009.dat

- 2008-12-25 16:45:32 151,270 ----a-w c:\windows\System32\prfc0416.dat

+ 2008-12-26 11:56:02 151,270 ----a-w c:\windows\System32\prfc0416.dat

- 2008-12-25 16:45:32 711,536 ----a-w c:\windows\System32\prfh0416.dat

+ 2008-12-26 11:56:02 711,536 ----a-w c:\windows\System32\prfh0416.dat

- 2008-12-25 16:40:54 8,190 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1330734708-2192215675-4224272535-1000_UserData.bin

+ 2008-12-26 11:51:13 8,460 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1330734708-2192215675-4224272535-1000_UserData.bin

- 2008-12-25 16:40:53 102,686 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-12-26 11:51:12 102,972 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-12-25 16:40:51 50,938 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-12-26 11:51:06 51,034 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"Google Update"="c:\users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{969EF85A-5FE4-45E5-A9B5-90103052413D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{6A3CD556-B43C-4A70-942A-D857C069EB8F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{70CB9CC0-000D-4241-85F0-689A216F21A0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{43C829A2-0BA3-46E9-817C-9D3A1A2554B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{02B28585-9898-4531-8567-8809DE66AE2A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{57D0EAA5-D8D7-49EF-924F-3917A0C06393}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-09-12 15416]

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081126.002\IDSvix86.sys [2008-11-27 270384]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-09-12 73728]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-04-14 81920]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 24880]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-09-12 341328]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-16 600912]

R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]

R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-09-12 193840]

R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]

R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-11-27 100352]

R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-11-27 100352]

R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-11-27 100352]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]

S3 WMSvc;Serviço de Gerenciamento da Web;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-20 11264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-26 c:\windows\Tasks\User_Feed_Synchronization-{FE44F8E1-18AF-43EE-BB19-89F7E3DBB9D0}.job

- c:\windows\system32\msfeedssync.exe [2008-01-20 23:24]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-26 09:00:26

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(728)

c:\windows\system32\DPPWDFLT.dll

 

- - - - - - - > 'Explorer.exe'(5032)

c:\program files\DigitalPersona\Bin\DpoFeedb.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\NetworkExplorer.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\wlanext.exe

c:\program files\DigitalPersona\Bin\DpHostW.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\inetsrv\inetinfo.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\conime.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Windows Media Player\wmplayer.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-26 9:12:31 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-26 12:12:23

ComboFix2.txt 2008-12-25 17:44:56

 

Pré-execução: 163.844.632.576 bytes disponíveis

Pós execução: 163,605,397,504 bytes disponíveis

 

286 --- E O F --- 2008-12-22 20:05:20

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:07, on 26/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Minimodem USB\Minimodem USB.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\HijackThis\HiJackThis.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B5DE89-1C90-4D07-A259-17EFEAF4304A}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

 

--

End of file - 9199 bytes


Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run an online scan following the tutorial below.

 

Kaspersky Online Scanner tutorial

 

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.


Sorry for the delay, but this log itself takes a long time.

 

Something was detected.

 

The initial message hasn't appeared for a while; I can't say for sure whether that was after MWBytes or after ComboFix, but even so I want to continue the analysis until the logs are clean.

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Saturday, December 27, 2008

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Saturday, December 27, 2008 09:18:37

Records in database: 1520325

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

G:\

 

Scan statistics:

Files scanned: 134110

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 01:51:45

 

 

File name / Threat name / Threats count

G:\info.exe Infected: Worm.Win32.AutoRun.lri 1

 

The selected area was scanned.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:28:23, on 27/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Minimodem USB\Minimodem USB.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\dfrgui.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Windows\helppane.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\WScript.exe

C:\Windows\system32\conime.exe

C:\Windows\SMINST\CD Creator.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34FA85FA-3D4A-4497-BCCC-0183ACE128E4}: NameServer = 189.40.224.5 10.223.246.102

O17 - HKLM\System\CS1\Services\Tcpip\..\{34FA85FA-3D4A-4497-BCCC-0183ACE128E4}: NameServer = 189.40.224.5 10.223.246.102

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

 

--

End of file - 9764 bytes


- Download Killbox and run it:

 

• Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

 

G:\info.exe

 

• Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;

• Click the button and answer No to the question.

 

Once that is done, run a new online scan.

 

Regards


This link is not accessible.

 

At least I couldn't get to it.


Hmm

 

I found out.

 

Linha Defensiva changed its domain.

 

The correct path is now http://www.linhadefensiva.org/dl/killbox

 

I suggest correcting it in your next analyses.

 

I'm running Killbox now, and as soon as I get home I'll start the online scan, which should take a while, and post the new logs as soon as it finishes.

 

Thanks for the help


Hello, thank you very much; Linha Defensiva really did change its domain after ending its partnership with UOL.

 

Regards, I'll be waiting.

Wednesday, December 31, 2008

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, December 31, 2008 00:58:54

Records in database: 1534614

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

C:\

D:\

E:\

G:\

Scan statistics

Files scanned 135425

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 01:55:22

 

No malware has been detected. The scan area is clean.

The selected area was scanned.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:52:04, on 31/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Minimodem USB\Minimodem USB.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mário Monteiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62245CC1-63E7-4EF0-AB7A-5E858DC59048}: NameServer = 189.40.224.5 10.223.246.102
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9721 bytes

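As an added example (not part of this thread, and not a tool used by the forum's helpers): a small Python triage script that walks HijackThis v2 lines and flags the entry types a helper checks first when reading a log like the one above. The sample lines are constructed from the posted log; the heuristics are this example's own assumptions, and a flagged line is something to verify, not a verdict.

```python
import re

# Constructed sample: a handful of lines in HijackThis v2 format, modelled on the log posted in this thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{62245CC1-63E7-4EF0-AB7A-5E858DC59048}: NameServer = 189.40.224.5 10.223.246.102",
    r"O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll",
    r"O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe",
    r"O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe",
])

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis rules):
      O2 ending in '(no file)'  -> orphaned BHO registration, the DLL is gone
      O17 NameServer override   -> resolvers to confirm with the ISP; a rogue
                                   resolver is one way a user lands on a
                                   look-alike site without ever typing it
      O20 AppInit_DLLs          -> DLL loaded into every GUI process
      O23 with 'Unknown owner'  -> service binary carries no publisher info
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O2" and body.endswith("(no file)"):
            findings.append((sec, "orphaned BHO (DLL missing); harmless but can be fixed", line))
        elif sec == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].split()
            findings.append((sec, "DNS override: " + ", ".join(servers) + "; confirm with ISP", line))
        elif sec == "O20":
            findings.append((sec, "AppInit_DLLs entry; verify the DLL's publisher", line))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append((sec, "service without publisher; verify file signature/hash", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Entries with a known publisher and an existing file (the Avira O4 line, the Spybot O23 line) pass through unflagged, which matches how the helper read this log: nothing in it needed removal.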

OK, the log is clean :)

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Click Save and, when the download finishes, run the installer;
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for Issues > Fix selected issues.

Happy New Year


I've already done that cleanup; I always do it at least once a week.

Thanks, Mr. Perfect.

As I said, after MWBytes and ComboFix that message stopped.

Now, with confirmation that the log is clean, the case is closed.

Regards


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
