Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Tania Moraes

[Resolvido!] Virtumonde

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Mário Monteiro    179

Mário Monteiro
Postado

http://forum.imasters.com.br/index.php?showtopic=165906

 

post um log conforme topico

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:08:52, on 03/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG7\avgw.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\HiJackThis.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7495 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Tania Moraes

 

<@> Baixe: < desktopicon.png > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

ComboFix 09-03-06.02 - Usuario 2009-03-07 22:38:19.1 - NTFSx86

Microsoft® Windows Vista™ Starter 6.0.6001.1.1252.1.1046.18.959.388 [GMT -3:00]

Executando de: c:\users\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AutoRun.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))

.

 

2030-11-21 12:27 . 2030-11-21 12:27 <DIR> d-------- c:\program files\Motorola

2030-11-21 08:18 . 2030-11-21 08:18 0 --a------ c:\windows\System32\atiicdxx.dat

2030-11-20 16:12 . 2030-11-20 15:17 <DIR> d-------- c:\windows\Panther

2030-11-20 16:11 . 2008-12-14 09:21 <DIR> d--hs---- C:\Boot

2030-11-20 16:11 . 2008-01-19 04:45 333,203 -rahs---- C:\bootmgr

2030-11-20 16:11 . 2030-11-20 16:11 8,192 -ra-s---- C:\BOOTSECT.BAK

2030-11-20 15:58 . 2030-11-20 15:58 268 --ah----- C:\sqmdata01.sqm

2030-11-20 15:58 . 2030-11-20 15:58 244 --ah----- C:\sqmnoopt01.sqm

2030-11-20 15:52 . 2030-11-20 15:52 268 --ah----- C:\sqmdata00.sqm

2030-11-20 15:52 . 2030-11-20 15:52 244 --ah----- C:\sqmnoopt00.sqm

2030-11-20 15:50 . 2008-02-12 18:34 <DIR> d-------- c:\users\Usuario\AppData\Roaming\BrOffice.org2

2030-11-20 15:49 . 2030-11-20 15:49 <DIR> d-------- c:\program files\BrOffice.org 2.2

2030-11-20 15:45 . 2008-02-14 22:13 <DIR> d-------- c:\users\All Users\Adobe

2030-11-20 15:45 . 2008-02-14 22:13 <DIR> d-------- c:\program files\Common Files\Adobe

2030-11-20 15:44 . 2030-11-20 15:44 <DIR> d-------- c:\windows\PCHEALTH

2030-11-20 15:44 . 2030-11-20 15:44 <DIR> d-------- c:\program files\MSN Messenger

2030-11-20 15:42 . 2030-11-20 15:42 <DIR> d-------- c:\program files\Alwil Software

2030-11-20 15:42 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\System32\MFC71.dll

2030-11-20 15:42 . 2003-03-18 16:14 499,712 --a------ c:\windows\System32\MSVCP71.dll

2030-11-20 15:42 . 2003-02-21 01:42 348,160 --a------ c:\windows\System32\MSVCR71.dll

2030-11-20 15:34 . 2006-10-27 05:26 69,632 --a------ c:\windows\System32\vuins32.dll

2030-11-20 15:33 . 2007-04-16 00:05 356,352 --a------ c:\windows\System32\VIAPropPageExt.dll

2030-11-20 15:33 . 2007-04-16 00:13 73,216 --a------ c:\windows\System32\VIASysFx.dll

2030-11-20 15:31 . 2030-11-20 15:33 <DIR> d-------- c:\program files\VIA

2030-11-20 15:31 . 2030-11-20 15:32 <DIR> d-------- c:\program files\S3

2030-11-20 15:31 . 2008-07-09 19:03 <DIR> d--h----- c:\program files\InstallShield Installation Information

2030-11-20 15:30 . 2009-03-02 22:51 <DIR> d--hs---- c:\windows\Installer

2030-11-20 15:30 . 2008-07-09 19:03 <DIR> d-------- c:\program files\Common Files\InstallShield

2030-11-20 15:29 . 2030-11-20 15:29 15,600 --a------ c:\windows\gdrv.sys

2030-11-20 15:15 . 2009-03-07 14:50 <DIR> d-------- c:\windows\System32\catroot2

2030-11-20 15:14 . 2009-02-13 11:02 <DIR> d-------- c:\windows\Debug

2030-11-20 15:13 . 2030-11-21 09:01 79,461,286 --a------ c:\windows\DUMP55f0.tmp

2030-11-20 15:13 . 2030-11-21 09:04 79,276,966 --a------ c:\windows\DUMP564d.tmp

2030-11-20 15:13 . 2030-11-21 09:02 79,084,454 --a------ c:\windows\DUMP5728.tmp

2030-11-20 15:13 . 2030-11-21 09:05 78,990,246 --a------ c:\windows\DUMP5747.tmp

2030-11-20 15:13 . 2030-11-21 09:06 78,928,806 --a------ c:\windows\DUMP563e.tmp

2030-11-20 15:13 . 2030-11-21 09:07 78,896,038 --a------ c:\windows\DUMP5709.tmp

2009-03-07 14:57 . 2008-12-16 00:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-07 14:57 . 2008-12-16 02:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-07 14:57 . 2008-12-16 02:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-07 14:57 . 2008-12-16 02:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-02 22:50 . 2009-03-02 22:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-03-01 20:37 . 2009-03-01 21:44 <DIR> d-------- c:\users\Usuario\AppData\Roaming\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 20:37 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 20:37 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 21:44 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-02-23 22:52 . 2009-02-23 22:52 90 --a------ c:\windows\wininit.ini

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\users\Usuario\AppData\Roaming\Malwarebytes

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\programdata\Malwarebytes

2009-02-19 13:05 . 2008-06-19 22:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-19 13:05 . 2008-06-19 22:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-19 13:05 . 2008-06-19 22:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-19 13:05 . 2008-06-19 22:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-19 13:05 . 2008-06-19 22:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-19 13:05 . 2008-06-19 22:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-19 13:05 . 2008-06-19 22:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-19 13:05 . 2008-06-19 22:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-19 12:46 . 2008-07-27 15:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-19 12:46 . 2008-07-27 15:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-19 12:46 . 2008-07-27 15:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-19 12:45 . 2008-07-27 15:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-19 12:44 . 2008-07-27 15:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-13 10:45 . 2009-02-13 10:45 <DIR> d-------- c:\program files\CCleaner

2009-02-11 22:31 . 2009-01-15 00:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 22:31 . 2009-01-15 03:11 827,392 --a------ c:\windows\System32\wininet.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2030-11-20 18:25 --------- d-sh--w c:\programdata\Modelos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Menu Iniciar

2030-11-20 18:25 --------- d-sh--w c:\programdata\Favoritos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Documentos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Dados de aplicativos

2030-11-20 18:25 --------- d-sh--w c:\program files\Common Files\Sistema

2030-11-20 18:25 --------- d-sh--w c:\program files\Arquivos Comuns

2009-03-08 01:27 --------- d-----w c:\users\Usuario\AppData\Roaming\AVG7

2009-03-08 01:27 --------- d-----w c:\programdata\avg7

2009-03-07 18:16 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-02-13 00:12 --------- d-----w c:\programdata\McAfee

2009-02-12 11:56 --------- d-----w c:\program files\Windows Mail

2009-02-08 02:14 --------- d-----w c:\program files\Google

2009-02-06 00:08 --------- d-----w c:\programdata\SiteAdvisor

2009-02-06 00:07 --------- d-----w c:\program files\Yahoo!

2009-02-05 20:22 --------- d-----w c:\users\Usuario\AppData\Roaming\Yahoo!

2009-01-22 17:51 --------- d-----w c:\programdata\eMule

2009-01-22 17:50 --------- d-----w c:\program files\DreaMule

2009-01-10 23:36 --------- d-----w c:\program files\K-Lite Codec Pack

2009-01-04 21:22 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-12-14 12:21 174 --sha-w c:\program files\desktop.ini

2008-12-13 23:14 82,432 ----a-w c:\windows\System32\axaltocm.dll

2008-12-13 23:14 101,888 ----a-w c:\windows\System32\ifxcardm.dll

2008-12-23 01:21 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-12-23 01:21 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-23 01:21 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-12-23 01:21 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-12-23 01:21 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-12 14:37 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-12 14:37 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-12 14:37 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-05-11 1183744]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\startupfolder\C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BrOffice.org 2.2.lnk]

path=c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 2.2.lnk

backup=c:\windows\pss\BrOffice.org 2.2.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 04:38 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

--a------ 2007-04-25 04:41 176128 c:\windows\System32\s3trayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{33D16255-A120-40AA-BC0F-7BFAB895DB9E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{03E1D123-D86A-4022-BC2A-A6081EBF2A59}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{91878CFB-94CF-4D52-8015-B62AB0757397}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{729D6D5E-3AD2-44DA-AF2A-B395BF70156C}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{066AE564-F463-42DA-B6D2-4CF22C006058}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{AF527968-5124-4084-A28E-7FF0383C6ABE}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{A246CD8D-E0C4-47EC-90CB-E814A25039A0}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{27CDDDE2-7BBE-4BC7-8D33-310EF72266E3}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe

"{D62C21EE-6175-4B84-9FDE-64E4D578303B}"= TCP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe

"{1D6C0E74-70FA-4DA6-B7A9-B370E3709BC0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{B277B91B-4D12-4956-A6D9-25E4F13C094F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{36439666-43DA-4896-9BAF-1519730D2BBB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{766F51F8-0B40-461F-BC0E-7628799FCE10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F8369C61-B6D6-4937-A4DC-B549967C4EC7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D6BDE340-CFD9-4C9E-A5F4-992423AD77CD}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{B96E135E-D90E-4919-BD97-A768357DF478}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"TCP Query User{F15BF12F-A47C-42C4-B178-2318DCC26A70}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{84C0BD05-1194-48AF-B233-151793F6B499}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FEEBA25E-1AF3-4F60-8D2F-93F7A963325B}c:\\program files\\dreamule\\emule.exe"= UDP:c:\program files\dreamule\emule.exe:Dreamule

"UDP Query User{DB56FB12-17C2-454D-BDB0-471258C0EF4D}c:\\program files\\dreamule\\emule.exe"= TCP:c:\program files\dreamule\emule.exe:Dreamule

 

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2030-11-20 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2030-11-20 52224]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]

R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2030-11-20 864256]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693530bb-61ce-11f6-9b5c-001d7d873914}]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\shell\Open(&0)\command - Recycled\ctfmon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e93514-c6a3-11dc-b13a-001d7d830431}]

\shell\AutoRun\command - nudeiect.com

\shell\explore\Command - nudeiect.com

\shell\open\Command - nudeiect.com

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKCU-Run-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe

MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html

IE: Crawler Search

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\aajen6ge.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-07 22:42:20

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-03-07 22:44:36

ComboFix-quarantined-files.txt 2009-03-08 01:44:33

 

Pré-execução: 38.954.684.416 bytes disponíveis

Pós execução: 38,926,884,864 bytes disponíveis

 

238 --- E O F --- 2009-03-07 18:00:26

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:16, on 07/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\HiJackThis.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 5838 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! Tania Moraes

 

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( Proteção geral das configurações de sistema )

<><><><><><><><><>

Insira sua(s) unidade(s) removíveis,caso às possua,na entrada USB. ( pendrive,mp3,mp4,iPods,etc... )

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

c:\windows\DUMP55f0.tmp

c:\windows\DUMP564d.tmp

c:\windows\DUMP5728.tmp

c:\windows\DUMP5747.tmp

c:\windows\DUMP563e.tmp

c:\windows\DUMP5709.tmp

C:\sqmdata01.sqm

C:\sqmnoopt01.sqm

C:\sqmdata00.sqm

C:\sqmnoopt00.sqm

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{693530bb-61ce-11f6-9b5c-001d7d873914}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e93514-c6a3-11dc-b13a-001d7d830431}]

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

2872959479_997d4500c4_o.gif

 

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

ComboFix 09-03-06.02 - Usuario 2009-03-08 12:26:34.2 - NTFSx86

Microsoft® Windows Vista™ Starter 6.0.6001.1.1252.1.1046.18.959.493 [GMT -3:00]

Executando de: c:\users\Usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

c:\windows\DUMP55f0.tmp

c:\windows\DUMP563e.tmp

c:\windows\DUMP564d.tmp

c:\windows\DUMP5709.tmp

c:\windows\DUMP5728.tmp

c:\windows\DUMP5747.tmp

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

c:\windows\DUMP55f0.tmp

c:\windows\DUMP563e.tmp

c:\windows\DUMP564d.tmp

c:\windows\DUMP5709.tmp

c:\windows\DUMP5728.tmp

c:\windows\DUMP5747.tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))

.

 

2030-11-21 12:27 . 2030-11-21 12:27 <DIR> d-------- c:\program files\Motorola

2030-11-21 08:18 . 2030-11-21 08:18 0 --a------ c:\windows\System32\atiicdxx.dat

2030-11-20 16:12 . 2030-11-20 15:17 <DIR> d-------- c:\windows\Panther

2030-11-20 16:11 . 2008-12-14 09:21 <DIR> d--hs---- C:\Boot

2030-11-20 16:11 . 2008-01-19 04:45 333,203 -rahs---- C:\bootmgr

2030-11-20 16:11 . 2030-11-20 16:11 8,192 -ra-s---- C:\BOOTSECT.BAK

2030-11-20 15:50 . 2008-02-12 18:34 <DIR> d-------- c:\users\Usuario\AppData\Roaming\BrOffice.org2

2030-11-20 15:49 . 2030-11-20 15:49 <DIR> d-------- c:\program files\BrOffice.org 2.2

2030-11-20 15:45 . 2008-02-14 22:13 <DIR> d-------- c:\users\All Users\Adobe

2030-11-20 15:45 . 2008-02-14 22:13 <DIR> d-------- c:\program files\Common Files\Adobe

2030-11-20 15:44 . 2030-11-20 15:44 <DIR> d-------- c:\windows\PCHEALTH

2030-11-20 15:44 . 2030-11-20 15:44 <DIR> d-------- c:\program files\MSN Messenger

2030-11-20 15:42 . 2030-11-20 15:42 <DIR> d-------- c:\program files\Alwil Software

2030-11-20 15:42 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\System32\MFC71.dll

2030-11-20 15:42 . 2003-03-18 16:14 499,712 --a------ c:\windows\System32\MSVCP71.dll

2030-11-20 15:42 . 2003-02-21 01:42 348,160 --a------ c:\windows\System32\MSVCR71.dll

2030-11-20 15:34 . 2006-10-27 05:26 69,632 --a------ c:\windows\System32\vuins32.dll

2030-11-20 15:33 . 2007-04-16 00:05 356,352 --a------ c:\windows\System32\VIAPropPageExt.dll

2030-11-20 15:33 . 2007-04-16 00:13 73,216 --a------ c:\windows\System32\VIASysFx.dll

2030-11-20 15:31 . 2030-11-20 15:33 <DIR> d-------- c:\program files\VIA

2030-11-20 15:31 . 2030-11-20 15:32 <DIR> d-------- c:\program files\S3

2030-11-20 15:31 . 2008-07-09 19:03 <DIR> d--h----- c:\program files\InstallShield Installation Information

2030-11-20 15:30 . 2009-03-02 22:51 <DIR> d--hs---- c:\windows\Installer

2030-11-20 15:30 . 2008-07-09 19:03 <DIR> d-------- c:\program files\Common Files\InstallShield

2030-11-20 15:29 . 2030-11-20 15:29 15,600 --a------ c:\windows\gdrv.sys

2030-11-20 15:15 . 2009-03-07 14:50 <DIR> d-------- c:\windows\System32\catroot2

2030-11-20 15:14 . 2009-02-13 11:02 <DIR> d-------- c:\windows\Debug

2009-03-08 12:19 . 2009-03-08 12:00 401,720 --a------ C:\HiJackThis.exe

2009-03-07 14:57 . 2008-12-16 00:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL

2009-03-07 14:57 . 2008-12-16 02:31 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-07 14:57 . 2008-12-16 02:31 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-07 14:57 . 2008-12-16 02:31 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-02 22:50 . 2009-03-02 22:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-03-01 20:37 . 2009-03-01 21:44 <DIR> d-------- c:\users\Usuario\AppData\Roaming\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 20:37 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 20:37 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-03-01 20:37 . 2009-03-01 21:44 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-02-23 22:52 . 2009-02-23 22:52 90 --a------ c:\windows\wininit.ini

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\users\Usuario\AppData\Roaming\Malwarebytes

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-02-23 22:02 . 2009-02-23 22:02 <DIR> d-------- c:\programdata\Malwarebytes

2009-02-19 13:05 . 2008-06-19 22:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-19 13:05 . 2008-06-19 22:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-19 13:05 . 2008-06-19 22:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-19 13:05 . 2008-06-19 22:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-19 13:05 . 2008-06-19 22:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-19 13:05 . 2008-06-19 22:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-19 13:05 . 2008-06-19 22:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-19 13:05 . 2008-06-19 22:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-19 12:46 . 2008-07-27 15:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-19 12:46 . 2008-07-27 15:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-19 12:46 . 2008-07-27 15:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-19 12:45 . 2008-07-27 15:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-19 12:44 . 2008-07-27 15:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-13 10:45 . 2009-02-13 10:45 <DIR> d-------- c:\program files\CCleaner

2009-02-11 22:31 . 2009-01-15 00:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 22:31 . 2009-01-15 03:11 827,392 --a------ c:\windows\System32\wininet.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2030-11-20 18:25 --------- d-sh--w c:\programdata\Modelos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Menu Iniciar

2030-11-20 18:25 --------- d-sh--w c:\programdata\Favoritos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Documentos

2030-11-20 18:25 --------- d-sh--w c:\programdata\Dados de aplicativos

2030-11-20 18:25 --------- d-sh--w c:\program files\Common Files\Sistema

2030-11-20 18:25 --------- d-sh--w c:\program files\Arquivos Comuns

2009-03-08 02:25 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-03-08 01:27 --------- d-----w c:\users\Usuario\AppData\Roaming\AVG7

2009-03-08 01:27 --------- d-----w c:\programdata\avg7

2009-02-13 00:12 --------- d-----w c:\programdata\McAfee

2009-02-12 11:56 --------- d-----w c:\program files\Windows Mail

2009-02-08 02:14 --------- d-----w c:\program files\Google

2009-02-06 00:08 --------- d-----w c:\programdata\SiteAdvisor

2009-02-06 00:07 --------- d-----w c:\program files\Yahoo!

2009-02-05 20:22 --------- d-----w c:\users\Usuario\AppData\Roaming\Yahoo!

2009-01-22 17:51 --------- d-----w c:\programdata\eMule

2009-01-22 17:50 --------- d-----w c:\program files\DreaMule

2009-01-10 23:36 --------- d-----w c:\program files\K-Lite Codec Pack

2009-01-04 21:22 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-12-14 12:21 174 --sha-w c:\program files\desktop.ini

2008-12-13 23:14 82,432 ----a-w c:\windows\System32\axaltocm.dll

2008-12-13 23:14 101,888 ----a-w c:\windows\System32\ifxcardm.dll

2008-12-23 01:21 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-12-23 01:21 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-23 01:21 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-12-23 01:21 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-12-23 01:21 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-12 14:37 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-12 14:37 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-12 14:37 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-07_22.42.53,83 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-08 01:34:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-03-08 13:32:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-03-08 01:34:47 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-03-08 13:32:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-03-08 01:36:30 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-08 14:38:04 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-03-08 01:36:25 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-08 13:33:40 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2009-03-08 01:31:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-08 15:24:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-03-08 01:31:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-08 15:24:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-08 01:31:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-08 15:24:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-07 17:19:01 100,718 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-08 15:20:54 100,718 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-07 17:19:01 585,914 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-08 15:20:54 585,914 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-07 17:19:01 121,294 ----a-w c:\windows\System32\prfc0416.dat

+ 2009-03-08 15:20:54 121,294 ----a-w c:\windows\System32\prfc0416.dat

- 2009-03-07 17:19:01 632,766 ----a-w c:\windows\System32\prfh0416.dat

+ 2009-03-08 15:20:54 632,766 ----a-w c:\windows\System32\prfh0416.dat

- 2009-03-07 14:50:03 11,042 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2268360908-2834753363-3927342379-1000_UserData.bin

+ 2009-03-08 13:33:55 11,042 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2268360908-2834753363-3927342379-1000_UserData.bin

- 2009-03-07 14:50:03 56,648 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-08 13:33:55 56,648 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-08 01:32:09 37,268 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-08 13:33:54 37,276 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [bU]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-05-11 1183744]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\startupfolder\C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BrOffice.org 2.2.lnk]

path=c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 2.2.lnk

backup=c:\windows\pss\BrOffice.org 2.2.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 04:38 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

--a------ 2007-04-25 04:41 176128 c:\windows\System32\s3trayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{33D16255-A120-40AA-BC0F-7BFAB895DB9E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{03E1D123-D86A-4022-BC2A-A6081EBF2A59}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{91878CFB-94CF-4D52-8015-B62AB0757397}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{729D6D5E-3AD2-44DA-AF2A-B395BF70156C}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{066AE564-F463-42DA-B6D2-4CF22C006058}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{AF527968-5124-4084-A28E-7FF0383C6ABE}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{A246CD8D-E0C4-47EC-90CB-E814A25039A0}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{27CDDDE2-7BBE-4BC7-8D33-310EF72266E3}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe

"{D62C21EE-6175-4B84-9FDE-64E4D578303B}"= TCP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe

"{1D6C0E74-70FA-4DA6-B7A9-B370E3709BC0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{B277B91B-4D12-4956-A6D9-25E4F13C094F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{36439666-43DA-4896-9BAF-1519730D2BBB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{766F51F8-0B40-461F-BC0E-7628799FCE10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F8369C61-B6D6-4937-A4DC-B549967C4EC7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D6BDE340-CFD9-4C9E-A5F4-992423AD77CD}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{B96E135E-D90E-4919-BD97-A768357DF478}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"TCP Query User{F15BF12F-A47C-42C4-B178-2318DCC26A70}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{84C0BD05-1194-48AF-B233-151793F6B499}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FEEBA25E-1AF3-4F60-8D2F-93F7A963325B}c:\\program files\\dreamule\\emule.exe"= UDP:c:\program files\dreamule\emule.exe:Dreamule

"UDP Query User{DB56FB12-17C2-454D-BDB0-471258C0EF4D}c:\\program files\\dreamule\\emule.exe"= TCP:c:\program files\dreamule\emule.exe:Dreamule

 

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2030-11-20 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2030-11-20 52224]

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]

R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2030-11-20 864256]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]

 

--- ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html

IE: Crawler Search

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\aajen6ge.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-08 12:29:20

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-03-08 12:31:43

ComboFix-quarantined-files.txt 2009-03-08 15:31:40

 

Pré-execução: 38.428.237.824 bytes disponíveis

Pós execução: 38,395,879,424 bytes disponíveis

 

273 --- E O F --- 2009-03-07 18:00:26

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45:13, on 08/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\HiJackThis.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 5757 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! Tania Moraes

 

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

<><><><><><><><><><><><><><><><>

<@> Baixe: < malwarebyte.pngalwarebytes >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<><><><><><><><><><><><><><><><>

<@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Nossa já fiz tudo o que você mandou e não resolveu. Vou tentar esse ultimo

----------------------------------

alwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1829

Windows 6.0.6001 Service Pack 1

 

09/03/2009 20:17:50

mbam-log-2009-03-09 (20-17-50).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 135795

Tempo decorrido: 1 hour(s), 34 minute(s), 18 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:20:22, on 09/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\HiJackThis.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6462 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! Tania Moraes

 

<!> Não há traços do Trojan.Vundo em seu computador! :thumbsup:

<><><><><><><><><><>

<!> Estando tudo Ok,crie um ponto limpo de Restauração do Sistema.

<!> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<!> Marque: Desativar Restauração do Sistema --> Aplicar --> Ok.

<!> Depois,desmarque novamente! --> Aplicar --> Ok.

<!> Para maiores detalhes,leia o Tutorial: < Link >

<><><><><><><><><><>

<!> O log está limpo!

<!> O seu antivírus,ainda,detecta o Vundo?

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
Olá não é meu antivirus que aponta é spybot, ele diz que não pode excluir

<><><><><><><><><>

Opa! Tania Moraes

 

<!> Isso pode denotar um Falso positivo,do seu antispyware.

<!> Qual o diretório ou ficheiro,que o Spybot aponta como infectados?

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

O spybot acusa que tem uma entrada do virtumonde aqui:

C:\\Windows\System32\zipfldr.dll

 

Depois que termina de scanear, ele pede pra apertar o botão "corrigir os problemas selecionados", mas quando eu clico aparece a seguinte mensagem:

"This action may not be performed completely since you are not an administrador. If you want this performed for all users, please rum this application elevated as an administrador".

 

Depois aparece essa mensagem de erro, e simplesmente não exclui.

" Unexpected error in fixing problems (cannot create file C:\\Windows\wininit.ini. Acesso negado"

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

voce deve esta usando o vista

 

quando for iniciar o spybot clique com o botao direito e clique em

 

Executar como Administrador

 

assim poderá usar a ferramenta de forma adequada

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
O spybot acusa que tem uma entrada do virtumonde aqui:

C:\\Windows\System32\zipfldr.dll

 

Depois que termina de scanear, ele pede pra apertar o botão "corrigir os problemas selecionados", mas quando eu clico aparece a seguinte mensagem:

"This action may not be performed completely since you are not an administrador. If you want this performed for all users, please rum this application elevated as an administrador".

 

Depois aparece essa mensagem de erro, e simplesmente não exclui.

" Unexpected error in fixing problems (cannot create file C:\\Windows\wininit.ini. Acesso negado"

<><><><><><><><><>

Opa! Tania Moraes

 

<!> O ficheiro é legítimo!

 

< http://www.processlibrary.com/directory/files/zipfldr/ >

 

<!> Podemos te-lo infectado pelo Vundo ou Falso positivo do Spybot.

<!> Faça um scan,de desinfecção,com o DrWebCureit na certificação desta ou de outra infecção.

<><><><><><><><><>

<@> Baixe: < drweb.gif >

<@> Salve-o no desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

 

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Texto!

<@> Poste: DrWeb.csv <--

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Oi eu passei o programa acima, mas quando cliquei pra guardar relatorios, o meu pc reiniciou. E perdi os relatorios.

Mas ele pegou dois objetos infectados, estou passando o spybot pra vê se sumiu.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Tania Moraes    0

Tania Moraes
Postado

Conseguir o relatório:

 

RegUBP2b-Usuario.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Eliminado.

 

 

PSEXESVC.EXE C:\Documents and Settings\Usuario\DoctorWeb\Quarantine Program.PsExec.170

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito