Gaudard, posted November 4, 2009

Here are the HijackThis and Malwarebytes logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:Sergio, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\winmgr\winmgr.exe
C:\WINDOWS\vsnpstd.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Sergio\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [uSBToolTip] "C:\Arquivos de programas\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinMgr] C:\WINDOWS\winmgr\winmgr.exe /auto
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9161 bytes

I don't know what else to do. Malwarebytes found these two infected registry items, and I can't remove them.

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3073
Windows 5.1.2600 Service Pack 3

4/11/2009 00:29:19
Sergio
mbam-log-2009-11-04 (00-28-47).txt

Tipo de Verificação: Rápida
Objetos verificados: 114453
Tempo decorrido: 5 minute(s), 5 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 2
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
wings, posted November 4, 2009

* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Close Internet Explorer and Windows Explorer
* Double-click the Combofix.exe file
* Accept the agreement
* Important: while ComboFix is running, do not use the mouse or the keyboard!! To abort the procedure, press [N]
* The program will close automatically
* Paste the report created at C:\combofix.txt and a new HijackThis log
Gaudard, posted November 5, 2009

Hello Wing, because of work I don't have access to my machine, which is at home; I will post the result on Monday, 09/11. Many thanks in advance.

Hello, I did the procedure above; here is the ComboFix log:

ComboFix 09-11-08.03 - Sergio 09/11/2009 1:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.957.316 [GMT -2:00]
Executando de: g:\equipe de limpeza\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - drivers: deleted 262 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sergio\MEUSDO~1\FFOutput\IGEVAN~1.GIN\BIBLia~1.exe
c:\documents and settings\Sergio\Dados de aplicativos\Desktopicon
c:\documents and settings\Sergio\Dados de aplicativos\Desktopicon\config.ini
c:\documents and settings\Sergio\Dados de aplicativos\Desktopicon\mc.ico
c:\documents and settings\Sergio\Meus documentos\wpabaln.exe
c:\windows\winmgr
c:\windows\winmgr\licença.txt
c:\windows\winmgr\winmgr.chm
c:\windows\winmgr\winmgr.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-09 to 2009-11-09 ))))))))))))))))))))))))))))
.

2009-11-06 02:02 . 2009-11-06 02:02 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-04 01:56 . 2009-11-04 01:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-11-02 15:59 . 2009-11-02 16:02 -------- d-----w- C:\Lop SD
2009-11-02 03:51 . 2009-11-02 03:51 -------- d-----w- c:\arquivos de programas\ESET
2009-11-01 23:22 . 2009-11-01 02:20 92672 ----a-w- c:\windows\system32\KillBox.exe
2009-11-01 21:24 . 2008-03-17 13:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-11-01 21:24 . 2008-03-17 13:03 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2009-11-01 21:24 . 2008-03-16 16:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-11-01 21:24 . 2008-01-22 17:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-11-01 21:24 . 2007-08-09 06:13 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2009-11-01 02:21 . 2009-11-01 02:21 -------- d-----w- C:\!KillBox
2009-10-30 22:08 . 1999-09-28 22:42 1034752 ----a-w- c:\windows\system32\MSJet35.dll
2009-10-30 22:08 . 1999-08-25 15:57 177664 ----a-w- c:\windows\system32\MSRepl35.dll
2009-10-30 22:08 . 1998-06-01 15:37 139264 ----a-w- c:\windows\system32\MSJInt35.dll
2009-10-30 22:08 . 1997-06-23 14:06 24848 ----a-w- c:\windows\system32\MSJtEr35.dll
2009-10-30 22:08 . 1997-06-13 08:34 368912 ----a-w- c:\windows\system32\VBAR332.dll
2009-10-30 22:08 . 2001-10-14 14:28 132096 ----a-w- c:\windows\system32\Zipdll.dll
2009-10-30 22:08 . 2001-10-14 14:28 117760 ----a-w- c:\windows\system32\Unzdll.dll
2009-10-30 22:08 . 2009-10-30 23:36 -------- d-----w- c:\arquivos de programas\Koinonia Software
2009-10-30 22:08 . 2009-10-30 22:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Opus Shared
2009-10-25 23:04 . 2009-10-25 23:04 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-24 00:51 . 2009-11-09 00:18 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\HPAppData
2009-10-24 00:37 . 2009-10-24 00:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG
2009-10-24 00:37 . 2009-10-24 00:37 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\HP
2009-10-24 00:33 . 2009-10-24 00:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP
2009-10-24 00:32 . 2009-10-24 00:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant
2009-10-24 00:30 . 2009-10-24 00:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard
2009-10-24 00:30 . 2009-10-24 00:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP
2009-10-24 00:29 . 2009-10-24 00:33 -------- d-----w- c:\arquivos de programas\HP
2009-10-24 00:27 . 2009-10-24 00:37 164660 ----a-w- c:\windows\hphins33.dat
2009-10-24 00:27 . 2009-05-22 09:32 586 ------w- c:\windows\hphmdl33.dat
2009-10-23 02:14 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-23 02:14 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-23 02:14 . 2009-04-16 16:08 126976 ----a-w- c:\windows\system32\hpfll70v.dll
2009-10-23 02:14 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-23 02:13 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-23 02:13 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-23 02:13 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-23 00:22 . 2009-10-23 00:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-10-23 00:10 . 2009-10-23 00:10 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\Malwarebytes
2009-10-23 00:10 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 00:10 . 2009-10-23 00:10 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-10-23 00:10 . 2009-10-23 00:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-10-23 00:10 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 14:12 . 2008-04-13 13:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-21 14:12 . 2008-04-13 13:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 01:36 . 2009-09-21 00:51 1 ----a-w- c:\documents and settings\Sergio\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-08 22:04 . 2009-07-25 23:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp
2009-11-08 19:31 . 2009-06-09 14:55 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\gtk-2.0
2009-11-05 23:26 . 2009-05-16 18:29 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\Audacity
2009-11-02 19:57 . 2001-10-28 19:07 80396 ----a-w- c:\windows\system32\perfc016.dat
2009-11-02 19:57 . 2001-10-28 19:07 471614 ----a-w- c:\windows\system32\perfh016.dat
2009-11-01 21:24 . 2009-05-12 02:00 -------- d-----w- c:\arquivos de programas\VIVO ZAP 3G
2009-10-24 11:39 . 2009-05-19 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-10-24 11:38 . 2009-05-19 01:17 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-10-19 12:51 . 2009-05-11 20:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-10-15 16:48 . 2009-05-19 01:18 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-10-05 02:31 . 2009-10-05 02:31 -------- d-----w- c:\arquivos de programas\Motorola
2009-10-05 02:13 . 2009-05-12 13:32 -------- d-----w- c:\arquivos de programas\Realtek
2009-09-21 00:50 . 2009-09-21 00:50 -------- d-----w- c:\documents and settings\Sergio\Dados de aplicativos\BrOffice.org
2009-09-21 00:48 . 2009-09-21 00:48 -------- d-----w- c:\arquivos de programas\BrOffice.org 3
2009-09-14 01:44 . 2009-09-14 01:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters
2009-09-14 01:40 . 2009-09-14 01:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\VCAMEye
2009-09-14 01:40 . 2009-05-11 20:29 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-30 13:22 . 2009-05-11 20:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-30 13:22 . 2009-05-11 20:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-30 13:22 . 2009-05-11 20:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ccleaner"="c:\arquivos de programas\CCleaner\ccleaner.exe" [2007-05-10 598920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\arquivos de programas\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2008-06-27 53248]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Sergio\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-5-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2009-10-15 16:42 316192 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 13:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [18/5/2009 23:18 Sergio 30752]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/5/2009 18:25 Sergio 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/5/2009 18:25 Sergio 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [11/5/2009 18:24 Sergio 297752]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [18/5/2009 23:18 Sergio 54048]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19/5/2006 11:23 Sergio 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19/5/2006 11:23 Sergio 13440]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/5/2009 11:30 Sergio 77968]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [12/5/2009 11:44 Sergio 288000]
S1 84cb537d;84cb537d;c:\windows\system32\drivers\84cb537d.sys --> c:\windows\system32\drivers\84cb537d.sys [?]
S2 jpdoabtof;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 Sergio 14336]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [19/5/2006 11:23 Sergio 18880]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jpdoabtof
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {BED85F3F-64C1-48D3-84A9-9E24BE5C3BEA} = 189.40.224.5 10.223.246.102
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\c82u16e5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\documents and settings\Sergio\Dados de aplicativos\Mozilla\Firefox\Profiles\c82u16e5.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-WinMgr - c:\windows\winmgr\winmgr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 01:57
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jpdoabtof]
"ServiceDll"="c:\windows\system32\ocvgzpi.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2009-11-09 1:59
ComboFix-quarantined-files.txt 2009-11-09 03:59

Pré-execução: 9 pasta(s) 92.979.765.248 bytes disponíveis
Pós execução: 13 pasta(s) 92.959.997.952 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F3A6E1CC1D92F831A8EA46B62A339FFF

Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3073
Windows 5.1.2600 Service Pack 3

9/11/2009 02:04:26
Sergio
mbam-log-2009-11-09 (02-04-26).txt

Tipo de Verificação: Rápida
Objetos verificados: 112555
Tempo decorrido: 3 minute(s), 46 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
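Two findings in this thread share a pattern that is worth checking mechanically rather than by eye. The Malwarebytes items show service ImagePath values whose environment token was altered (%fystemRoot% in place of %SystemRoot%); Windows cannot expand such a token, so BITS and Automatic Updates cannot start, which is consistent with HijackThis listing both as "Unknown owner - C:\WINDOWS\". The ComboFix log shows an extra service (jpdoabtof, display name "Windows Helper") hosted by svchost.exe -k netsvcs whose ServiceDll (c:\windows\system32\ocvgzpi.dll) is not a Windows component, and the service name was appended to the NetSvcs group. The Python script below is an added example written for this page, not code from any of the posters, from Malwarebytes or from ComboFix. It parses the two log formats as pasted above (the sample lines are constructed from the thread, plus one clean wuauserv entry added for contrast) and flags both patterns. The set of valid environment-variable names and the set of expected netsvcs DLL file names are assumptions standing in for a baseline you would take from a clean reference machine.

```python
import re
from os.path import basename

# Environment variables a service ImagePath may legitimately reference.
# Assumption: small baseline for this example; take the real list from a clean host.
KNOWN_ENV = {"systemroot", "windir", "systemdrive", "programfiles", "commonprogramfiles"}

# ServiceDll file names expected under "svchost.exe -k netsvcs".
# Assumption: placeholder baseline (BITS and Automatic Updates); build yours from a reference image.
NETSVCS_BASELINE = {"qmgr.dll", "wuauserv.dll"}

# Constructed sample: the two Malwarebytes registry items reported in the thread.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
"""

# Constructed sample: service and ServiceDll lines in ComboFix's format. The jpdoabtof
# lines come from the thread; the wuauserv entry is made up here as a clean control.
SAMPLE_COMBOFIX = r"""
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [18/5/2009 23:18 Sergio 54048]
R2 wuauserv;Atualizacoes Automaticas;c:\windows\system32\svchost.exe -k netsvcs [constructed]
S2 jpdoabtof;Windows Helper;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 01:45 Sergio 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jpdoabtof]
"ServiceDll"="c:\windows\system32\ocvgzpi.dll"
"""

ENV_TOKEN = re.compile(r"%([^%\\]+)%")
MBAM_ITEM = re.compile(
    r"^(?P<key>\S+) \((?P<sig>[^)]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[")
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I
)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)


def unknown_env_tokens(path):
    """Return the %NAME% tokens in a path that Windows would not be able to expand."""
    return [t for t in ENV_TOKEN.findall(path) if t.lower() not in KNOWN_ENV]


def parse_mbam_items(text):
    """Parse Malwarebytes 'Bad: (...) Good: (...)' registry items, marking bad env tokens."""
    items = []
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m:
            item = m.groupdict()
            item["bad_tokens"] = unknown_env_tokens(item["bad"])
            items.append(item)
    return items


def svchost_hosted_services(text):
    """Map name -> {display, image, dll} for services whose image is svchost.exe."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            if "svchost.exe" in m.group("image").lower():
                services[m.group("name")] = {
                    "display": m.group("display"), "image": m.group("image"), "dll": None}
            continue
        m = SERVICE_KEY.match(line)
        if m:
            current = m.group("name")   # following "ServiceDll" line belongs to this key
            continue
        m = SERVICE_DLL.match(line)
        if m and current in services:
            services[current]["dll"] = m.group("dll")
    return services


def unexpected_netsvcs(text):
    """svchost-hosted services with no ServiceDll or one outside the baseline."""
    flagged = []
    for name, svc in svchost_hosted_services(text).items():
        dll = svc["dll"]
        if dll is None or basename(dll.replace("\\", "/")).lower() not in NETSVCS_BASELINE:
            flagged.append(name)
    return sorted(flagged)


def report(mbam_text, combofix_text):
    """Human-readable findings from both log formats."""
    findings = []
    for item in parse_mbam_items(mbam_text):
        if item["bad_tokens"]:
            findings.append(f"{item['key']}: unexpandable token(s) {item['bad_tokens']} in ImagePath")
    for name in unexpected_netsvcs(combofix_text):
        findings.append(f"service {name}: hosted by svchost with unexpected ServiceDll")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_MBAM, SAMPLE_COMBOFIX):
        print(line)
```

The ImagePath check is deliberately not a string comparison against the "Good" value: a token that does not resolve is the defect, whatever its spelling, so the same function catches any mangled variable name. The netsvcs check joins the service list with the [Services\name] "ServiceDll" block that ComboFix prints separately, because the service line alone only shows svchost.exe, which is legitimate; the DLL behind it is what identifies the component.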
Mário Monteiro, posted December 7, 2009

Topic archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.