
Beatriz Vittorazzi

[Archived] I can't install any antivirus.


I formatted my PC less than a month ago and installed the latest version of AVG antivirus, which in turn was detecting every EXE file as a virus. Since I noticed this in time, I didn't delete the files and uninstalled the antivirus. I then tried to install another one, in this case AVAST, and couldn't. I came to this forum and saw problems similar to mine, tried to find the cause, and found that I couldn't boot into Safe Mode and can't open Task Manager, which says it was disabled by the administrator. Finally I tried to follow the procedure in this topic http://forum.imasters.com.br/index.php?showtopic=246801

Removing the Bagle variant with Rootkit - Version 02.

 

But when I got to the part: Run the repair tool. To do this, right-click UnHookExec.inf on your desktop and then click Install.

 

Go to Start -> Run -> type regedit -> click OK. When I type regedit, a message appears saying: Registry editing has been disabled by your administrator.

 

I'll be eternally grateful to anyone who can help me; thank you in advance.


Good afternoon! Beatriz Vittorazzi

 

<!> Uninstall EliBagla. --> Delete its executable or report!

<><><><><><><><><><>

 

<!> Post the HijackThis log, following this Tutorial.

 

< Rule No. 02 - Using HijackThis. READ BEFORE POSTING! >

<><><><><><><><><><>

<@> Download: < FindyKill > ( ...by Chiquitine29 )

<@> Save it to Program Files!

<@> Close any open programs.

<@> Disable the resident protection of your antivirus and antispyware programs.

<@> PS: Detection of this tool by antivirus is a false positive!

<@> Install the tool and accept all the conditions requested.

<@> When done, run the tool with a double-click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat <--

<@> At the prompt, press C. --> Enter. <-- Language option!

<@> Next, press 2. ( "Eliminar los ficheros infectados" )

<@> Press Enter --> The computer will restart twice! --> Wait!

<@> When it finishes, click an empty area of the prompt! --> Press Enter.

<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!

 

Regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:03:10, on 24/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 5862 bytes


############################## [ FindyKill V4.720 ]

 

# User : BIA (Administradores) # BIA-EBA9885F4DF

# Update on 22/03/09 by Chiquitine29

# Start at: 15:14:29 | 24/3/2009

# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

 

# Processador Intel Pentium II

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 6.0.2900.5512

# Windows Firewall Status : Disabled

 

# C:\ # Disco fixo local # 149,04 Go (129,94 Go free) # NTFS

# D:\ # Disco CD-ROM # 27,2 Mo (0 Mo free) [Aplicativos] # CDFS

# E:\ # Disco CD-ROM # 9,2 Mo (0 Mo free) [Claro] # CDFS

 

############################## [ Active Processes ]

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Claro\Claro.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## [ Infected Files / Folders C:\ ]

 

 

################## [ C:\WINDOWS ]

 

 

################## [ C:\WINDOWS\system32 ]

 

 

################## [ C:\WINDOWS\system32\drivers ]

 

 

################## [ C:\.. Application Data ... ]

 

 

################## [ Registry / Infected keys ]

 

 

################## [ Cleaning Removable drives ]

 

# Deleting files :

 

Not deleted !! - E:\autorun.inf

 

################## [ Registry / Mountpoint2 ]

 

# -> Not found !

 

################## [ Searching Other Infections ]

 

# -> Nothing found.

 

################## [ ! End of Report # FindyKill V4.720 ! ]

 

 

 

 

I did the whole recommended procedure and nothing helped; I still have the same problems.


Good afternoon! Beatriz Vittorazzi

 

<@> Download: < FixPolicies >

<@> Save it to the Desktop!

<@> Be logged in as Administrator.

<@> Run the FixPolicies.exe file with a double-click.

<@> Click Install.

<@> Open the FixPolicies folder --> Click Fix_policies.cmd --> Enter.

<@> Allow the repair if protection programs block it.

<@> Wait for the check to finish!

<><><><><><><><><><><>

<@> Download: < ComboFix > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Negação de garantia de software" --> Click Yes!

<@> If you don't have the "Recovery Console", accept the option to install it!

 

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own! Follow all the recommendations proposed above.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><>

<@> When done, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

 

Regards!

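What FixPolicies repairs, and what the logs in this thread show, is a handful of registry values: the HKCU policies that make Task Manager and regedit report "disabled by the administrator" (DisableTaskMgr, DisableRegistryTools, the O7 DisableRegedit line in HijackThis), the Security Center overrides that silence the missing-antivirus and firewall-off alerts, the disabled firewall profile, and the removable-drive autorun handler under mountpoints2. As an added example, not part of the thread or of any tool named in it, the Python below parses ComboFix's REGEDIT4-style registry sections and HijackThis O7 lines and flags those entries; the sample input is constructed from the entries quoted in this thread.

```python
import re

# Policy values that, when set to 1, give the symptoms reported in the thread:
# Task Manager and regedit report they were "disabled by the administrator".
RESTRICTIVE_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableRegedit"}

# Security Center values that silence the "no antivirus / firewall off" alerts.
SC_OVERRIDES = {
    "AntiVirusOverride", "AntiVirusDisableNotify",
    "FirewallOverride", "FirewallDisableNotify",
    "UpdatesDisableNotify", "UacDisableNotify",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+?)\s*$")
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+),\s*(?P<name>\w+)=(?P<value>\d+)\s*$")

# Constructed sample input, modelled on the ComboFix entries quoted in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AutoRun.exe
"""

# Constructed HijackThis lines; the O7 entry is the one the thread's log shows.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def parse_raw_value(raw):
    """'1 (0x1)', 'dword:00000001' or '7' -> int; paths/quoted strings unchanged."""
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw) if raw.isdigit() else raw


def audit_combofix(text):
    """Walk ComboFix's REGEDIT4-style sections; return (category, key, detail) tuples."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
            continue
        if key is None:
            continue
        low = key.lower()
        auto = AUTORUN_RE.match(line)
        if auto and "mountpoints2" in low:
            # Removable-drive autorun handler (the E:\autorun.inf case in the thread).
            findings.append(("autorun", key, auto.group("cmd")))
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        name, value = val.group("name"), parse_raw_value(val.group("raw"))
        if low.endswith(r"\policies\system") and name in RESTRICTIVE_POLICIES and value == 1:
            findings.append(("policy_restriction", key, name))
        elif r"\security center" in low and name in SC_OVERRIDES and value == 1:
            findings.append(("security_center_override", key, name))
        elif low.endswith(r"\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append(("firewall_disabled", key, name))
    return findings


def audit_hijackthis(text):
    """Flag HijackThis O7 lines that set one of the restrictive policies to 1."""
    findings = []
    for line in text.splitlines():
        m = O7_RE.match(line.strip())
        if m and m.group("name") in RESTRICTIVE_POLICIES and int(m.group("value")) == 1:
            findings.append(("policy_restriction", m.group("key"), m.group("name")))
    return findings


if __name__ == "__main__":
    for category, key, detail in audit_combofix(SAMPLE_COMBOFIX) + audit_hijackthis(SAMPLE_HJT):
        print(f"{category:25} {detail}  ({key})")
```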

Dear DiRAN, I did the whole procedure that was advised; here are the reports, but with one failure: when I try to run the FixPolicies program it opens but closes right away, so I couldn't run it. I did the other procedures anyway and will post them below. Thank you for helping me.

 

ComboFix 09-03-23.01 - BIA 2009-03-25 10:56:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.958.664 [GMT -3:00]

Executando de: c:\documents and settings\BIA\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Legacy_GBPSV

-------\Service_dac970nt

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))

.

 

2009-03-24 15:12 . 2009-03-24 20:42 <DIR> d-------- c:\arquivos de programas\FindyKill

2009-03-24 15:11 . 2009-03-24 15:11 1,391,493 --a------ c:\arquivos de programas\FindyKill.exe

2009-03-24 14:56 . 2009-03-24 14:56 471,352 --a------ C:\HiJackThis.exe

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Malwarebytes

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-03-23 22:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-23 22:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-23 20:41 . 2009-03-23 20:41 <DIR> d-------- C:\!KillBox

2009-03-23 20:29 . 2009-03-23 20:31 <DIR> d-------- c:\arquivos de programas\Microsoft Windows OneCare Live

2009-03-23 20:15 . 2009-03-24 13:49 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2009-03-22 16:05 . 2009-03-22 16:05 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-22 13:20 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-22 13:18 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-22 13:05 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-22 13:05 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-22 12:00 . 2009-03-22 16:07 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-22 12:00 . 2005-02-25 00:34 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-21 19:49 . 2009-03-21 19:49 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-03-21 12:58 . 2009-03-21 13:05 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-21 12:53 . 2009-03-21 13:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-03-21 11:34 . 2009-03-23 14:32 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-19 12:57 . 2009-03-19 12:57 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight

2009-03-19 12:23 . 2008-04-13 19:21 91,648 --a------ c:\windows\system32\kswdmcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 61,952 --a------ c:\windows\system32\kstvtune.ax

2009-03-19 12:23 . 2008-04-13 19:21 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax

2009-03-19 12:23 . 2008-04-13 19:20 54,784 --a------ c:\windows\system32\vfwwdm32.dll

2009-03-19 12:23 . 2008-04-13 19:20 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll

2009-03-19 12:23 . 2008-04-13 19:21 43,008 --a------ c:\windows\system32\ksxbar.ax

2009-03-19 12:23 . 2008-04-13 19:21 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax

2009-03-19 12:23 . 2008-04-13 19:21 28,672 --a------ c:\windows\system32\vidcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax

2009-03-19 12:23 . 2008-04-13 11:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys

2009-03-19 12:23 . 2008-04-13 11:46 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\windows\Album

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\arquivos de programas\VideoCAM Eye

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\VCAMEye

2009-03-19 12:18 . 2005-06-20 21:27 390,912 --a------ c:\windows\system32\drivers\snpstd.sys

2009-03-19 12:18 . 2004-06-10 13:48 364,544 --a------ c:\windows\vsnpstd.exe

2009-03-19 12:18 . 2005-04-15 06:20 98,304 --a------ c:\windows\system32\rsnpstd.dll

2009-03-19 12:18 . 2004-02-16 13:59 61,440 --a------ c:\windows\system32\csnpstd.dll

2009-03-19 12:18 . 2004-05-06 11:22 53,248 --a------ c:\windows\system32\dsnpstd.dll

2009-03-19 12:18 . 2004-09-24 10:58 36,864 --a------ c:\windows\system32\vsnpstd.dll

2009-03-19 12:18 . 2005-05-30 23:09 36,864 --a------ c:\windows\system32\dsnpstd.ax

2009-03-19 12:18 . 2003-01-17 17:34 15,541 --a------ c:\windows\snpstd.ini

2009-03-19 12:18 . 2003-01-17 17:35 13,023 --a------ c:\windows\snpstd.src

2009-03-17 16:30 . 2009-03-17 16:30 <DIR> d-------- c:\windows\system32\EXP

2009-03-17 16:30 . 2009-03-17 16:30 <DIR> d-------- c:\arquivos de programas\Expstudio

2009-03-17 16:30 . 2009-03-17 16:30 161,322 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe

2009-03-17 15:08 . 2009-03-17 15:09 <DIR> d-------- c:\arquivos de programas\EPSON

2009-03-17 15:03 . 2009-03-17 15:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-03-17 15:03 . 2003-06-23 02:44 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll

2009-03-17 15:03 . 2006-09-01 16:14 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx

2009-03-17 15:03 . 2006-09-01 16:14 49,152 --a------ c:\windows\system32\QuickTime.qts

2009-03-17 14:56 . 2009-03-17 14:56 <DIR> d-------- c:\documents and settings\Domagoj

2009-03-17 14:56 . 2009-03-17 14:56 <DIR> d-------- c:\arquivos de programas\Gabest

2009-03-17 14:50 . 2009-03-24 18:27 <DIR> d-------- c:\arquivos de programas\SharpArchiver

2009-03-17 13:47 . 2009-03-17 13:47 <DIR> d---s---- c:\documents and settings\BIA\UserData

2009-03-17 00:58 . 2009-03-25 10:58 <DIR> d-------- c:\documents and settings\BIA\Tracing

2009-03-17 00:58 . 2009-03-17 00:58 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-03-17 00:55 . 2009-03-17 00:55 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-03-17 00:54 . 2009-03-17 00:54 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-03-17 00:54 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-03-17 00:53 . 2009-03-17 00:53 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2009-03-17 00:53 . 2009-03-17 00:57 <DIR> d-------- c:\arquivos de programas\Windows Live

2009-03-17 00:53 . 2009-03-17 00:58 <DIR> d-------- c:\arquivos de programas\Microsoft

2009-03-16 22:14 . 2009-03-16 22:14 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-03-16 20:59 . 2009-03-10 17:05 26,320 --a------ c:\windows\system32\drivers\gbpkm.sys

2009-03-16 20:58 . 2009-03-22 19:21 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-16 20:58 . 2009-03-21 18:06 <DIR> d-------- c:\arquivos de programas\GbPlugin

2009-03-16 20:02 . 2009-03-16 20:02 268 --ah----- C:\sqmdata02.sqm

2009-03-16 20:02 . 2009-03-16 20:02 244 --ah----- C:\sqmnoopt02.sqm

2009-03-16 20:02 . 2009-03-16 20:02 148 --ah----- C:\sqmdata03.sqm

2009-03-16 20:02 . 2009-03-16 20:02 136 --ah----- C:\sqmnoopt03.sqm

2009-03-16 19:59 . 2009-03-16 19:59 <DIR> d-------- c:\documents and settings\BIA\Contacts

2009-03-16 19:56 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys

2009-03-16 19:56 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-03-16 19:56 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-03-16 19:56 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys

2009-03-16 19:55 . 2009-03-16 19:56 <DIR> d-------- c:\arquivos de programas\Claro

2009-03-16 18:38 . 2009-03-16 18:38 268 --ah----- C:\sqmdata01.sqm

2009-03-16 18:38 . 2009-03-16 18:38 244 --ah----- C:\sqmnoopt01.sqm

2009-03-16 18:28 . 2009-03-23 16:08 69 --a------ c:\windows\NeroDigital.ini

2009-03-16 18:27 . 2009-03-16 18:28 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Media Player Classic

2009-03-16 18:25 . 2009-03-16 18:25 268 --ah----- C:\sqmdata00.sqm

2009-03-16 18:25 . 2009-03-16 18:25 244 --ah----- C:\sqmnoopt00.sqm

2009-03-16 18:21 . 2009-03-16 18:21 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-22 13:36 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-21 15:59 1,900,544 ----a-w c:\windows\SkyTel.exe

2009-03-19 15:18 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-17 18:03 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2009-03-16 20:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-16 20:54 --------- d-----w c:\arquivos de programas\MSBuild

2009-03-16 20:54 --------- d-----w c:\arquivos de programas\Microsoft Works

2009-03-16 20:49 646,392 ----a-w c:\windows\system32\drivers\sptd.sys

2009-03-16 20:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-03-16 20:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2009-03-16 20:45 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-03-16 20:45 --------- d-----w c:\arquivos de programas\Nero

2009-03-16 20:35 315,392 ----a-w c:\windows\HideWin.exe

2009-03-16 20:35 --------- d-----w c:\arquivos de programas\Realtek

2009-03-16 20:31 --------- d-----w c:\arquivos de programas\S3

2009-03-16 20:31 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-03-16 20:25 --------- d-----w c:\arquivos de programas\microsoft frontpage

2009-03-16 20:24 --------- d-----w c:\arquivos de programas\Serviços on-line

2009-03-16 20:23 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 22:14 308,088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-03-21 3952128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 104744]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 364544]

"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2007-06-11 c:\windows\system32\S3Trayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-10 17:03 421168 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\InCD\\InCD.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\InCD\\NBHGui.exe"=

"c:\\WINDOWS\\SkyTel.EXE"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Claro\\Claro.exe"=

"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Arquivos de programas\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\WINDOWS\\system32\\VTTimer.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

"c:\\WINDOWS\\system32\\S3trayp.exe"=

"c:\\WINDOWS\\vsnpstd.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-03-16 26320]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-03-16 13696]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-07-11 714240]

 

--- ---

 

*NewlyCreated* - DAC970NT

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\AutoRun.exe

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 10:58:47

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(776)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 11:00:31 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-25 14:00:28

 

Pré-execução: 12 pasta(s) 139.348.676.608 bytes disponíveis

Pós execução: 12 pasta(s) 139,519,336,448 bytes disponíveis

 

235 --- E O F --- 2009-03-22 19:07:58

----------------------------

HijackThis log report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:05:03, on 25/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Claro\Claro.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4824FAF5-BA20-4BF4-83C0-722433EB6D63}: NameServer = 200.169.118.22 200.169.119.22

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 6209 bytes


Good afternoon, Beatriz Vittorazzi!

 

<!> We will remove antivirus leftovers, which often block new installations.

<!> At the end of the procedure, Avira will be installed.

<><><><><><><><><><>

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

c:\arquivos de programas\FindyKill.exe

E:\AutoRun.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 0 (0x1)

"DisableRegistryTools"= 0 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

"UacDisableNotify"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Rootkit::

c:\windows\system32\drivers\BIOS.sys

Folder::

c:\arquivos de programas\Alwil Software

C:\$AVG8.VAULT$

C:\!KillBox

c:\arquivos de programas\FindyKill

c:\documents and settings\All Users\Dados de aplicativos\avg8

Driver::

"BIOS"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt

 

Regards!


Dear DigRam, I went through the whole procedure and still can't install the antivirus. The report is below.

 

 

ComboFix 09-03-23.01 - BIA 2009-03-25 12:35:49.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.958.656 [GMT -3:00]

Executando de: c:\documents and settings\BIA\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\BIA\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

c:\arquivos de programas\FindyKill.exe

E:\AutoRun.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\!KillBox

c:\!killbox\Logs\kb.log

C:\$AVG8.VAULT$

c:\$avg8.vault$\V_00000001.fil

c:\$avg8.vault$\V_00000002.fil

c:\$avg8.vault$\V_00000003.fil

c:\$avg8.vault$\V_00000004.fil

c:\$avg8.vault$\V_00000005.fil

c:\$avg8.vault$\V_00000006.fil

c:\$avg8.vault$\V_00000007.fil

c:\$avg8.vault$\V_00000008.fil

c:\$avg8.vault$\V_00000009.fil

c:\$avg8.vault$\V_00000010.fil

c:\$avg8.vault$\V_00000011.fil

c:\$avg8.vault$\V_00000013.fil

c:\$avg8.vault$\V_00000014.fil

c:\$avg8.vault$\V_00000016.fil

c:\$avg8.vault$\V_00000017.fil

c:\$avg8.vault$\V_00000018.fil

c:\$avg8.vault$\V_00000019.fil

c:\$avg8.vault$\V_00000020.fil

c:\$avg8.vault$\V_00000021.fil

c:\$avg8.vault$\V_00000022.fil

c:\$avg8.vault$\V_00000023.fil

c:\$avg8.vault$\V_00000024.fil

c:\$avg8.vault$\V_00000025.fil

c:\$avg8.vault$\V_00000026.fil

c:\$avg8.vault$\V_00000027.fil

c:\$avg8.vault$\V_00000028.fil

c:\$avg8.vault$\V_00000030.fil

c:\$avg8.vault$\V_00000031.fil

c:\$avg8.vault$\V_00000032.fil

c:\$avg8.vault$\V_00000033.fil

c:\$avg8.vault$\vvfolder.idx

c:\arquivos de programas\Alwil Software

c:\arquivos de programas\Alwil Software\Avast4\Setup\av_pro_core-4d6.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\av_pro_dll416-a6.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\av_pro_hlp416-2b0.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\av_pro_skins-14.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\avast.setup

c:\arquivos de programas\Alwil Software\Avast4\Setup\avscan-360.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\jrog-e0.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\news409-35.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\part-jrog-e0.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\part-news-4e.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\part-prg_av_pro-537.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\part-setup_av_pro-537.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\part-vps-9031900.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\prod-av_pro.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\servers.def

c:\arquivos de programas\Alwil Software\Avast4\Setup\setif_av_pro-537.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll

c:\arquivos de programas\Alwil Software\Avast4\Setup\setiface.ovr

c:\arquivos de programas\Alwil Software\Avast4\Setup\setup.ini

c:\arquivos de programas\Alwil Software\Avast4\Setup\setup.ovr

c:\arquivos de programas\Alwil Software\Avast4\Setup\setup_av_pro-537.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\vps-9031900.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\vpsm-9031900.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\winsys-2.vpu

c:\arquivos de programas\Alwil Software\Avast4\Setup\winsysgui-2.vpu

c:\arquivos de programas\FindyKill

c:\arquivos de programas\FindyKill.exe

c:\arquivos de programas\FindyKill\FindyKill.cmd

c:\arquivos de programas\FindyKill\Tools\7z.exe

c:\arquivos de programas\FindyKill\Tools\Fdc.reg

c:\arquivos de programas\FindyKill\Tools\fsum.exe

c:\arquivos de programas\FindyKill\Tools\FyK.ico

c:\arquivos de programas\FindyKill\Tools\FYKS.exe

c:\arquivos de programas\FindyKill\Tools\GREP.EXE

c:\arquivos de programas\FindyKill\Tools\Header.vbs

c:\arquivos de programas\FindyKill\Tools\IZARCE.exe

c:\arquivos de programas\FindyKill\Tools\Limpia

c:\arquivos de programas\FindyKill\Tools\Process.exe

c:\arquivos de programas\FindyKill\Tools\REFMD5.def

c:\arquivos de programas\FindyKill\Tools\RegB.reg

c:\arquivos de programas\FindyKill\Tools\SP2.reg

c:\arquivos de programas\FindyKill\Tools\SP3.reg

c:\arquivos de programas\FindyKill\Tools\swreg.exe

c:\arquivos de programas\FindyKill\Tools\Uac.reg

c:\arquivos de programas\FindyKill\Tools\Vista.reg

c:\arquivos de programas\FindyKill\Tools\winupgro.exe

c:\arquivos de programas\FindyKill\Uninstal.exe

c:\documents and settings\All Users\Dados de aplicativos\avg8

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\krnl.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\mail.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\malrep.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\scan.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\sched.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\update.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Cfg\user.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\CfgAll\changecfgreg.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\CfgAll\srmall.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\CfgAll\updateall.cfg

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgcore.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgcore.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgfrw.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgfrw.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgldr.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgldr.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avglng.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avglng.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgns.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgns.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgrs.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgrs.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgscan.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgscan.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgsched.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgsrm.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgsrm.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgui.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgui.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgupd.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgupd.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgwd.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgwdsvc.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\avgwdsvc.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\commonpriv.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\commonpriv.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\fixcfg.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\fixcfg.log.lock

c:\documents and settings\All Users\Dados de aplicativos\avg8\Log\history.xml

c:\documents and settings\All Users\Dados de aplicativos\avg8\scanlogs\I_00000001.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\scanlogs\I_00000005.log

c:\documents and settings\All Users\Dados de aplicativos\avg8\scanlogs\srm.idx

c:\documents and settings\All Users\Dados de aplicativos\avg8\srmcheck.tmp

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\incavi.avm

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\microavi.avg

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\sb2.dat

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\sc.dat

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\prepare\incavi.avm

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\prepare\sc.dat.prepare

c:\windows\system32\drivers\BIOS.sys

E:\AutoRun.exe . . . . falha na exclusão

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BIOS

-------\Legacy_DAC970NT

-------\Service_BIOS

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))

.

 

2009-03-24 14:56 . 2009-03-24 14:56 471,352 --a------ C:\HiJackThis.exe

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Malwarebytes

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-03-23 22:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-23 22:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-23 20:29 . 2009-03-23 20:31 <DIR> d-------- c:\arquivos de programas\Microsoft Windows OneCare Live

2009-03-23 20:15 . 2009-03-24 13:49 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2009-03-22 16:05 . 2009-03-22 16:05 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-22 13:20 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-22 13:20 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-22 13:18 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-22 13:05 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-22 13:05 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-22 12:00 . 2009-03-22 16:07 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-22 12:00 . 2005-02-25 00:34 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-21 11:34 . 2009-03-23 14:32 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-19 12:57 . 2009-03-19 12:57 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight

2009-03-19 12:23 . 2008-04-13 19:21 91,648 --a------ c:\windows\system32\kswdmcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 61,952 --a------ c:\windows\system32\kstvtune.ax

2009-03-19 12:23 . 2008-04-13 19:21 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax

2009-03-19 12:23 . 2008-04-13 19:20 54,784 --a------ c:\windows\system32\vfwwdm32.dll

2009-03-19 12:23 . 2008-04-13 19:20 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll

2009-03-19 12:23 . 2008-04-13 19:21 43,008 --a------ c:\windows\system32\ksxbar.ax

2009-03-19 12:23 . 2008-04-13 19:21 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax

2009-03-19 12:23 . 2008-04-13 19:21 28,672 --a------ c:\windows\system32\vidcap.ax

2009-03-19 12:23 . 2008-04-13 19:21 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax

2009-03-19 12:23 . 2008-04-13 11:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys

2009-03-19 12:23 . 2008-04-13 11:46 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\windows\Album

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\arquivos de programas\VideoCAM Eye

2009-03-19 12:18 . 2009-03-19 12:18 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\VCAMEye

2009-03-19 12:18 . 2005-06-20 21:27 390,912 --a------ c:\windows\system32\drivers\snpstd.sys

2009-03-19 12:18 . 2004-06-10 13:48 364,544 --a------ c:\windows\vsnpstd.exe

2009-03-19 12:18 . 2005-04-15 06:20 98,304 --a------ c:\windows\system32\rsnpstd.dll

2009-03-19 12:18 . 2004-02-16 13:59 61,440 --a------ c:\windows\system32\csnpstd.dll

2009-03-19 12:18 . 2004-05-06 11:22 53,248 --a------ c:\windows\system32\dsnpstd.dll

2009-03-19 12:18 . 2004-09-24 10:58 36,864 --a------ c:\windows\system32\vsnpstd.dll

2009-03-19 12:18 . 2005-05-30 23:09 36,864 --a------ c:\windows\system32\dsnpstd.ax

2009-03-19 12:18 . 2003-01-17 17:34 15,541 --a------ c:\windows\snpstd.ini

2009-03-19 12:18 . 2003-01-17 17:35 13,023 --a------ c:\windows\snpstd.src

2009-03-17 16:30 . 2009-03-17 16:30 <DIR> d-------- c:\windows\system32\EXP

2009-03-17 16:30 . 2009-03-17 16:30 <DIR> d-------- c:\arquivos de programas\Expstudio

2009-03-17 16:30 . 2009-03-17 16:30 161,322 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe

2009-03-17 15:08 . 2009-03-17 15:09 <DIR> d-------- c:\arquivos de programas\EPSON

2009-03-17 15:03 . 2009-03-17 15:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-03-17 15:03 . 2003-06-23 02:44 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll

2009-03-17 15:03 . 2006-09-01 16:14 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx

2009-03-17 15:03 . 2006-09-01 16:14 49,152 --a------ c:\windows\system32\QuickTime.qts

2009-03-17 14:56 . 2009-03-17 14:56 <DIR> d-------- c:\documents and settings\Domagoj

2009-03-17 14:56 . 2009-03-17 14:56 <DIR> d-------- c:\arquivos de programas\Gabest

2009-03-17 14:50 . 2009-03-24 18:27 <DIR> d-------- c:\arquivos de programas\SharpArchiver

2009-03-17 13:47 . 2009-03-17 13:47 <DIR> d---s---- c:\documents and settings\BIA\UserData

2009-03-17 00:58 . 2009-03-25 12:38 <DIR> d-------- c:\documents and settings\BIA\Tracing

2009-03-17 00:58 . 2009-03-17 00:58 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-03-17 00:55 . 2009-03-17 00:55 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-03-17 00:54 . 2009-03-17 00:54 <DIR> d-------- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-03-17 00:54 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-03-17 00:53 . 2009-03-17 00:53 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2009-03-17 00:53 . 2009-03-17 00:57 <DIR> d-------- c:\arquivos de programas\Windows Live

2009-03-17 00:53 . 2009-03-17 00:58 <DIR> d-------- c:\arquivos de programas\Microsoft

2009-03-16 22:14 . 2009-03-16 22:14 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-03-16 20:59 . 2009-03-10 17:05 26,320 --a------ c:\windows\system32\drivers\gbpkm.sys

2009-03-16 20:58 . 2009-03-22 19:21 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-03-16 20:58 . 2009-03-21 18:06 <DIR> d-------- c:\arquivos de programas\GbPlugin

2009-03-16 20:02 . 2009-03-16 20:02 268 --ah----- C:\sqmdata02.sqm

2009-03-16 20:02 . 2009-03-16 20:02 244 --ah----- C:\sqmnoopt02.sqm

2009-03-16 20:02 . 2009-03-16 20:02 148 --ah----- C:\sqmdata03.sqm

2009-03-16 20:02 . 2009-03-16 20:02 136 --ah----- C:\sqmnoopt03.sqm

2009-03-16 19:59 . 2009-03-16 19:59 <DIR> d-------- c:\documents and settings\BIA\Contacts

2009-03-16 19:56 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys

2009-03-16 19:56 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-03-16 19:56 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-03-16 19:56 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys

2009-03-16 19:55 . 2009-03-16 19:56 <DIR> d-------- c:\arquivos de programas\Claro

2009-03-16 18:38 . 2009-03-16 18:38 268 --ah----- C:\sqmdata01.sqm

2009-03-16 18:38 . 2009-03-16 18:38 244 --ah----- C:\sqmnoopt01.sqm

2009-03-16 18:28 . 2009-03-23 16:08 69 --a------ c:\windows\NeroDigital.ini

2009-03-16 18:27 . 2009-03-16 18:28 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Media Player Classic

2009-03-16 18:25 . 2009-03-16 18:25 268 --ah----- C:\sqmdata00.sqm

2009-03-16 18:25 . 2009-03-16 18:25 244 --ah----- C:\sqmnoopt00.sqm

2009-03-16 18:21 . 2009-03-16 18:21 <DIR> d-------- c:\documents and settings\BIA\Dados de aplicativos\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-22 13:36 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-21 15:59 1,900,544 ----a-w c:\windows\SkyTel.exe

2009-03-19 15:18 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-17 18:03 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2009-03-16 20:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-16 20:54 --------- d-----w c:\arquivos de programas\MSBuild

2009-03-16 20:54 --------- d-----w c:\arquivos de programas\Microsoft Works

2009-03-16 20:49 646,392 ----a-w c:\windows\system32\drivers\sptd.sys

2009-03-16 20:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-03-16 20:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2009-03-16 20:45 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-03-16 20:45 --------- d-----w c:\arquivos de programas\Nero

2009-03-16 20:35 315,392 ----a-w c:\windows\HideWin.exe

2009-03-16 20:35 --------- d-----w c:\arquivos de programas\Realtek

2009-03-16 20:31 --------- d-----w c:\arquivos de programas\S3

2009-03-16 20:31 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-03-16 20:25 --------- d-----w c:\arquivos de programas\microsoft frontpage

2009-03-16 20:24 --------- d-----w c:\arquivos de programas\Serviços on-line

2009-03-16 20:23 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 22:14 308,088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-25_10.59.18.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-25 15:38:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_814.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-03-21 3952128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 104744]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 364544]

"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2007-06-11 c:\windows\system32\S3Trayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-10 17:03 421168 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\InCD\\InCD.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\InCD\\NBHGui.exe"=

"c:\\WINDOWS\\SkyTel.EXE"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Claro\\Claro.exe"=

"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Arquivos de programas\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\WINDOWS\\system32\\VTTimer.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

"c:\\WINDOWS\\system32\\S3trayp.exe"=

"c:\\WINDOWS\\vsnpstd.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-03-16 26320]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\kslhkn.sys --> c:\windows\system32\drivers\kslhkn.sys [?]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-07-11 714240]

 

--- ---

 

*NewlyCreated* - DAC970NT

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 12:38:09

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(772)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 12:39:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-25 15:39:43

ComboFix2.txt 2009-03-25 14:00:32

 

Pré-execução: 13 pasta(s) 139.349.819.392 bytes disponíveis

Pós execução: 11 pasta(s) 139,396,349,952 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

364 --- E O F --- 2009-03-22 19:07:58


Good afternoon, Beatriz Vittorazzi!

 

Dear DigRam, I went through the whole procedure and still can't install the antivirus. The report is below.

<!> Which antivirus are you trying to install?

<><><><><><><><><>

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

c:\windows\system32\drivers\kslhkn.sys

C:\WINDOWS\System32\symboot.exe

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 0 (0x1)

"DisableRegistryTools"= 0 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Driver::

"DAC970NT"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

 

Regards!

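Both CFScripts posted by DigRam above set the same policy values back to their defaults (DisableTaskMgr, DisableRegistryTools, EnableFirewall, the Security Center overrides) and remove a driver service whose file is gone (dac970nt pointing at kslhkn.sys in the ComboFix log). The following is an added PowerShell check, not part of the thread or of ComboFix, that a defender can run on the machine to verify those values and list driver services with a missing image file; it assumes PowerShell is installed and is run from an elevated session, and the -Restore switch is my own addition.

```powershell
# Added example (not from the thread): audit the registry policies that the
# CFScripts above reset, optionally restore them, and list kernel driver
# services whose image file no longer exists. Assumes an elevated session.
param([switch]$Restore)

# Expected defaults: the same keys and values the CFScripts write.
$expected = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';       Value = 0 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'; Value = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'; Name = 'EnableFirewall'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusOverride'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallOverride';  Value = 0 }
)

function Get-PolicyValue($Path, $Name) {
    # Returns $null when the key or the value does not exist (default state).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

foreach ($e in $expected) {
    $current = Get-PolicyValue $e.Path $e.Name
    if ($current -eq $null) {
        Write-Host ("[ok ] {0}\{1} not set (default)" -f $e.Path, $e.Name)
    } elseif ($current -ne $e.Value) {
        # A policy that locks the user out of Task Manager / regedit, or a
        # disabled firewall, is the tampering the thread is cleaning up.
        Write-Host ("[BAD] {0}\{1} = {2}, expected {3}" -f $e.Path, $e.Name, $current, $e.Value)
        if ($Restore) {
            Set-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value -Type DWord
            Write-Host ("      restored to {0}" -f $e.Value)
        }
    } else {
        Write-Host ("[ok ] {0}\{1} = {2}" -f $e.Path, $e.Name, $current)
    }
}

# Driver services (Type 1 = kernel, 2 = file system) whose ImagePath points
# at a file that is gone, like dac970nt -> kslhkn.sys in the ComboFix log:
# the service entry survives after the file was removed, so flag it for review.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if (($svc.Type -eq 1 -or $svc.Type -eq 2) -and $svc.ImagePath) {
        $file = $svc.ImagePath -replace '^\\\?\?\\', ''              # strip \??\ prefix
        $file = $file -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if ($file -notmatch '^[A-Za-z]:\\') { $file = Join-Path $env:SystemRoot $file }
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Host ("[chk] driver service {0}: image {1} is missing" -f $_.PSChildName, $file)
        }
    }
}
```

Run it once without -Restore to see the report, and compare the [BAD] lines against the "Pontos de Carregamento do Registro" section of the ComboFix log before changing anything.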

Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of this topic and want it reopened, send a private message to a moderator of this section together with a link to this topic and explain why it should be reopened.
