
Archived

This topic has been archived and is closed to new replies.

EDSSX

[Solved!] Programs don't run

Recommended Posts

Good morning!

Certain programs such as DDS, USBFIX, LOP S&D, ToolBar S&D, etc. are not running on my PC; an error message appears saying that the program is not recognized as an internal or external command, operable program, or is a source file, as per the screenshots below:

[screenshots: screenshot004i.th.png, screenshot006r.th.png, screenshot007t.th.png]

Kindly help me.

Thanks and regards


Your case looks like a virus infection!

Topic moved from Softwares to Security and Malware

Post a HijackThis log following these instructions (http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/) so a Security Analyst can check it and help you with your case!


Good afternoon!

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:05:06, on 22/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

D:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: BrOffice.org 3.1.lnk = D:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - GAS Tecnologia - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 6011 bytes

 

 

Thanks and regards

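A small triage pass over HijackThis-style lines, added here as an example (it is not the forum's, HijackThis's or the analyst's own code). It reads the R0/R1, O2, O4 and O23 line formats shown in the log above and flags what an analyst looks at first: services marked `(no file)`, autoruns that start from user-writable locations such as the profile directory, and browser start/search pages pointing at hosts outside an allowlist. The sample lines are copied from the log above except the `Start Page = http://example.com/search` line, which is constructed to show the URL rule firing; the allowlist of hosts and the list of user-writable path markers are assumptions of the example, not rules from the thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one constructed "Start Page" entry (example.com) to exercise the URL rule.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/search
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: BrOffice.org 3.1.lnk = D:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - GAS Tecnologia - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

# Line shapes as they appear in HijackThis 2.0.x logs.
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RUN = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_SVC = re.compile(r"^Service: (?P<display>.*?) \((?P<svc>[^)]+)\) - (?P<vendor>.*?) - (?P<path>.*)$")
R_SETTING = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]*?) ?= ?(?P<data>.*)$")

# Assumptions of this example: hosts the analyst accepts for IE start/search
# pages, and path fragments that mark user-writable locations.
ALLOWED_HOSTS = {"go.microsoft.com", "g.msn.com"}
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def command_path(cmd: str) -> str:
    """Extract the executable path from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)  # unquoted: stop after the .exe
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, subject) findings for the R, O4 and O23 entries."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O23":
            s = O23_SVC.match(body)
            # A registered service with no binary on disk: a leftover or a
            # deleted component; either way it needs a second look.
            if s and s.group("path").strip().lower() == "(no file)":
                findings.append(("orphaned-service", s.group("svc")))
        elif kind == "O4":
            s = O4_RUN.match(body)
            if s:
                path = command_path(s.group("cmd")).lower()
                if any(marker in path for marker in USER_WRITABLE):
                    findings.append(("autorun-user-writable", s.group("name")))
        elif kind in ("R0", "R1"):
            s = R_SETTING.match(body)
            host = urlparse(s.group("data").strip()).hostname if s else None
            if host and host.lower() not in ALLOWED_HOSTS:
                findings.append(("browser-setting-external-host", host))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:32} {subject}")
```

On the sample this reports three items: the `example.com` start page, the Google Update autorun living under the user's profile, and the Google Desktop service with `(no file)`. Each is a prompt for review, not a verdict; the Google Update entry in particular is a normal per-user install, which is exactly why a human analyst reads the flagged lines instead of trusting the rule.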

*Temporarily disable your antivirus

Right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.

*Go to the link below

http://www.bitdefender.com/scan8/

*Click [start BitDefender Online Scanner]

*Install the ActiveX control: BitDefender OnlineScanner v8

*Click [image: bd6pb5.png]

*When it finishes, paste the result created in C:\Windows\BDOSCAN8\bdoscan.log


Good afternoon!

Here is the log:

 

BitDefender QuickScan Beta v0.9.7.8

-----------------------------------

 

Scan date: Sunday Nov 22 14:39:24 2009

Machine ID: 40F5D453

 

 

 

No infection found.

---------------------

 

 

Processes

---------

<unsigned> WindowBlinds 772 D:\Arquivos de programas\AlienGUIse\wbload.exe

<unsigned> Antivirus System Tray Tool 1612 D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

<unsigned> Antivirus On-Access Service 456 D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

<unsigned> Antivirus Scheduler 996 D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

<unsigned> BrOffice.org 3.1 1980 D:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

<unsigned> BrOffice.org 3.1 1960 D:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

<unsigned> Gadwin PrintScreen 1628 D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

 

<verified> Machine Debug Manager 452 D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

<verified> Java Quick Starter Service 1456 D:\Arquivos de programas\Java\jre6\bin\jqs.exe

<verified> Java Platform SE binary 1620 D:\Arquivos de programas\Java\jre6\bin\jusched.exe

<verified> Microsoft SeaPort Search Enhancement Broker 1768 D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

<verified> Firefox 3872 D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

<verified> Google Installer 1636 D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

<verified> Windows Explorer 1508 D:\WINDOWS\Explorer.EXE

<verified> Windows Explorer 2344 D:\WINDOWS\explorer.exe

<verified> Application Layer Gateway Service 2408 D:\WINDOWS\System32\alg.exe

<verified> Client Server Runtime Process 1048 D:\WINDOWS\system32\csrss.exe

<verified> LSA Shell (Export Version) 1128 D:\WINDOWS\system32\lsass.exe

<verified> Aplicativo de serviços e controle 1116 D:\WINDOWS\system32\services.exe

<verified> Gerenciador de Sessão do Windows NT 944 D:\WINDOWS\System32\smss.exe

<verified> Spooler SubSystem App 928 D:\WINDOWS\system32\spoolsv.exe

<verified> Generic Host Process for Win32 Services 208 D:\WINDOWS\System32\svchost.exe

<verified> Generic Host Process for Win32 Services 304 D:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 360 D:\WINDOWS\System32\svchost.exe

<verified> Generic Host Process for Win32 Services 460 D:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 1308 D:\WINDOWS\system32\svchost.exe

<verified> Generic Host Process for Win32 Services 1372 D:\WINDOWS\system32\svchost.exe

<verified> Aplicativo de logon do Windows NT 1072 D:\WINDOWS\system32\winlogon.exe

<verified> Windows Update 600 D:\WINDOWS\system32\wuauclt.exe

 

 

Network activity

----------------

Process firefox.exe (3872) connected on port 80 (HTTP) - vx-in-f113.1e100.net

Process firefox.exe (3872) connected on port 80 (HTTP) - 96.6.76.20

Process firefox.exe (3872) connected on port 80 (HTTP) - yo-in-f156.1e100.net

Process firefox.exe (3872) connected on port 80 (HTTP) - vx-in-f113.1e100.net

 

Process svchost.exe (1372) listens on ports: 135 (RPC)

 

 

Autoruns and critical files

---------------------------

<unsigned> fLoad D:\Arquivos de programas\AlienGUIse\FASTLOAD.DLL

<unsigned> Antivirus System Tray Tool D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

<unsigned> quickstart.exe D:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

<unsigned> Gadwin PrintScreen D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

<unsigned> HP Data Archive Module D:\Arquivos de programas\HP\hpcoretech\comp\hpdarc.exe

 

<verified> Adobe Acrobat SpeedLauncher D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

<verified> Adobe Reader and Acrobat Manager D:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

<verified> Java Platform SE binary D:\Arquivos de programas\Java\jre6\bin\jusched.exe

<verified> Malwarebytes' Anti-Malware D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

<verified> GrooveShellExtensions Module D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

<verified> Google Installer D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

<verified> Biblioteca da interface de usuário do navegador do D:\WINDOWS\system32\BROWSEUI.DLL

<verified> Crypto API32 D:\WINDOWS\system32\CRYPT32.DLL

<verified> Crypto Network Related API D:\WINDOWS\system32\CRYPTNET.DLL

<verified> Agente de rede off-line D:\WINDOWS\system32\CSCDLL.DLL

<verified> DIMS Notification Handler D:\WINDOWS\system32\DIMSNTFY.DLL

<verified> Interface de logon do Windows D:\WINDOWS\system32\logonui.exe

<verified> Microsoft Feeds Synchronization D:\WINDOWS\system32\msfeedssync.exe

<verified> DLL de notificação do serviço de logon secundário D:\WINDOWS\system32\sclgntfy.dll

<verified> DLL comum do Shell do Windows D:\WINDOWS\system32\SHELL32.DLL

<verified> Objeto de serviço do shell de Systray D:\WINDOWS\system32\STOBJECT.DLL

<verified> Aplicativo de logon Userinit d:\windows\system32\userinit.exe

<verified> Web Site Monitor D:\WINDOWS\system32\WEBCHECK.DLL

<verified> DLL comum para receber notificações do Winlogon D:\WINDOWS\system32\WLNOTIFY.DLL

<verified> Windows Portable Device Shell Service Object D:\WINDOWS\system32\WPDShServiceObj.dll

 

 

Browser plugins

---------------

<unsigned> Java Quick Starter binary d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

<unsigned> Adobe Shockwave for Director Netscape plug-in, ver D:\Arquivos de programas\Mozilla Firefox\plugins\np32dsw.dll

<unsigned> Zylom Plugin D:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

<unsigned> bdupd.dll D:\WINDOWS\Downloaded Program Files\bdupd.dll

<unsigned> ipsupd.dll D:\WINDOWS\Downloaded Program Files\ipsupd.dll

<unsigned> Adobe Shockwave for Director Netscape plug-in, ver D:\WINDOWS\system32\Adobe\Director\np32dsw.dll

 

<verified> Adobe PDF Helper for Internet Explorer d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll

<verified> WindowsLiveLogin.dll d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\windowslivelogin.dll

<verified> Java Platform SE binary d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

<verified> GrooveShellExtensions Module D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

<verified> 3.0.40818.0 d:\Arquivos de programas\Microsoft Silverlight\3.0.40818.0\npctrl.dll

<verified> Search Helper for Internet Explorer d:\arquivos de programas\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll

<verified> Java Platform SE binary D:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

<verified> Default Plug-in D:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

<verified> Office Plugin for Netscape Navigator D:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL

<verified> Adobe PDF Plug-In For Firefox and Netscape D:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

<verified> Yahoo! Toolbar d:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

<verified> Yahoo! Single Instance for Mail d:\arquivos de programas\yahoo!\companion\installs\cpn\ytsingleinstance.dll

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\CONFLICT.3\FP_AX_CAB_INSTALLER.exe

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\CONFLICT.4\FP_AX_CAB_INSTALLER.exe

<verified> GbpDist Module D:\WINDOWS\Downloaded Program Files\CONFLICT.5\gbpdist.dll

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\CONFLICT.6\FP_AX_CAB_INSTALLER.exe

<verified> Adobe® Flash® Player ActiveX Installer D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

<verified> GbpDist Module D:\WINDOWS\Downloaded Program Files\gbpdist.dll

<verified> Windows Presentation Foundation (WPF) plug-in for d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

<verified> Network Diagnostic for Windows XP D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

<verified> Internet Explorer D:\WINDOWS\system32\IEFRAME.DLL

<verified> NPSWF32.dll D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

<verified> Fornecedor de serviços do Microsoft Windows Socket D:\WINDOWS\system32\MSWSOCK.DLL

<verified> Microsoft Windows Rsvp 1.0 Service Provider D:\WINDOWS\system32\rsvpsp.dll

<verified> LDAP RnR Provider DLL D:\WINDOWS\system32\WINRNR.DLL

 

 

Missing files

-------------

File not found: system32\Drivers\RsNTGdi.sys

referenced in: HKLM\System\CurrentControlSet\Services\RsNTGDI\"ImagePath"

 

File not found: system32\drivers\HookCont.sys

referenced in: HKLM\System\CurrentControlSet\Services\hookcont\"ImagePath"

 

File not found: system32\drivers\TfFsMon.sys

referenced in: HKLM\System\CurrentControlSet\Services\TfFsMon\"ImagePath"

 

File not found: system32\drivers\TfSysMon.sys

referenced in: HKLM\System\CurrentControlSet\Services\TfSysMon\"ImagePath"

 

 

Scan

----

 

No file uploaded.

 

Scan finished - communication took 6 sec

Total traffic - 0.06 MB sent, 2.58 KB recvd

Scanned 1098 files and modules - 176 seconds


Good afternoon...

1.

*Delete the folder C:\Windows\BDOSCAN8

2.

*Download ComboFix and save it to the desktop

*Close Internet Explorer and Windows Explorer

*Double-click the Combofix.exe file

*Accept the agreement

*Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To stop the procedure, press N.

*The program will close automatically

*Paste the report created in C:\combofix.txt


Good afternoon!

Here is the ComboFix log:

 

ComboFix 09-11-21.03 - edsom luis 22/11/2009 16:15.8.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.270 [GMT -2:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

* Criado um novo ponto de restauração

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-25 to 2009-11-25 ))))))))))))))))))))))))))))

.

 

2009-11-22 13:08 . 2009-11-22 13:08 -------- d-----w- D:\FindyKill

2009-11-22 12:38 . 2009-11-22 12:38 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\QuickScan

2009-11-22 12:38 . 2009-10-22 15:39 679936 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\hzw2khas.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

2009-11-22 12:38 . 2009-10-29 15:39 614400 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\hzw2khas.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2009-11-22 11:29 . 2009-11-22 11:29 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Picajet.com

2009-11-22 11:28 . 2009-11-22 11:28 -------- d-----w- d:\arquivos de programas\PicaJet

2009-11-22 21:44 . 2009-11-22 21:45 -------- d-----w- D:\UsbFix

2009-11-22 21:34 . 2009-03-30 11:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2009-11-22 21:34 . 2009-02-13 13:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2009-11-22 21:34 . 2009-02-13 13:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2009-11-21 21:34 . 2009-11-21 21:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2009-11-21 21:23 . 2009-11-21 21:23 0 ----a-w- D:\paths.bat

2009-11-21 21:23 . 2009-11-21 21:23 -------- d-----w- D:\Lop SD

2009-11-21 21:16 . 2009-11-21 21:16 -------- d-----w- D:\ToolBar SD

2009-11-21 20:41 . 2009-11-21 20:41 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit

2009-11-21 11:56 . 2009-11-21 11:52 146032 ------w- d:\windows\system32\RavExt.dll

2009-11-21 11:56 . 2009-11-21 11:53 238704 ------w- d:\windows\system32\bsmain.exe

2009-11-20 12:17 . 2009-11-20 12:17 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security

2009-11-19 12:18 . 2009-11-19 12:18 23 --sha-w- d:\windows\system32\abedaebd.dat

2009-11-19 04:31 . 2009-11-19 04:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Iomatic

2009-11-18 05:35 . 2009-11-18 05:35 -------- d-----w- d:\arquivos de programas\Arquivos comuns\PC Tools

2009-11-18 05:34 . 2009-11-18 05:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-15 03:37 . 2009-11-18 00:58 48 ----a-w- d:\windows\system32\_1PUTILS.dat

2009-11-14 22:15 . 2009-11-14 22:15 -------- d---a-w- D:\autorun(2).inf

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\ui

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\styles

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\skin

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\program

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\locale

2009-11-13 20:19 . 2009-11-13 20:19 -------- d-----w- d:\arquivos de programas\Arquivos comuns\extra

2009-11-06 16:09 . 2009-11-06 16:09 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Yahoo!

2009-11-04 22:02 . 2009-09-10 16:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-11-04 22:02 . 2009-11-04 22:02 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-04 22:02 . 2009-09-10 16:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-11-04 22:02 . 2009-11-04 22:02 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-03 20:55 . 2009-11-03 20:55 -------- d-----w- d:\arquivos de programas\Microsoft Works

2009-11-03 20:55 . 2009-11-03 20:55 -------- d-----w- d:\arquivos de programas\MSBuild

2009-11-03 20:52 . 2009-11-03 20:52 -------- d-----w- d:\arquivos de programas\Microsoft.NET

2009-11-03 20:49 . 2009-11-03 20:49 -------- d-----w- d:\arquivos de programas\Microsoft Visual Studio 8

2009-11-03 12:27 . 2009-11-03 12:27 -------- d-----w- D:\SMCLpav

2009-10-31 17:32 . 2009-10-31 17:32 -------- d-----w- d:\arquivos de programas\Yahoo!

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-19 11:57 . 2001-10-28 20:07 80198 ----a-w- d:\windows\system32\perfc016.dat

2009-11-19 11:57 . 2001-10-28 20:07 471376 ----a-w- d:\windows\system32\perfh016.dat

2009-11-19 11:52 . 2009-08-22 13:01 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-11-19 21:40 . 2008-12-04 12:33 411368 ----a-w- d:\windows\system32\deploytk.dll

2009-11-19 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-11-16 08:18 . 2009-04-29 22:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-11-16 22:29 . 2009-09-22 19:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-15 09:38 . 2009-08-27 00:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

2009-11-13 20:19 . 2009-11-13 20:19 218 ----a-w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini

2009-11-13 20:19 . 2009-03-27 22:27 2320 ----a-w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-11-03 19:53 . 2007-09-19 12:55 249856 ------w- d:\windows\Setup1.exe

2009-11-03 19:53 . 2007-09-19 12:55 73216 ----a-w- d:\windows\ST6UNST.EXE

2009-10-19 18:00 . 2009-10-19 18:00 15826 ----a-w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-10-19 17:50 . 2009-10-19 17:50 832296 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-10-19 17:50 . 2009-10-19 17:50 4334888 ----a-w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-10-19 17:49 . 2009-10-19 17:49 20480 ----a-w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-10-19 17:49 . 2009-10-19 17:49 653419 ----a-w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-09-26 00:45 . 2009-09-26 00:45 28 ----a-w- d:\windows\kmcdfa2200.dat

2009-09-22 19:51 . 2009-09-22 19:51 7424000 ----a-r- d:\documents and settings\edsom luis\Dados de aplicativos\Microsoft\Installer\{CE853177-215B-4C6D-AB90-3DCE66BA7D75}\soffice.exe

2009-09-17 19:43 . 2009-09-17 19:43 29584 ----a-w- d:\windows\system32\drivers\regguard.sys

2009-09-11 16:30 . 2009-09-11 16:30 54 ----a-w- d:\windows\system32\rp_stats.dat

2009-09-11 16:30 . 2009-09-11 16:30 44 ----a-w- d:\windows\system32\statistics.dat

2009-09-11 16:30 . 2009-09-11 16:30 39 ----a-w- d:\windows\system32\rp_rules.dat

2009-09-11 16:29 . 2009-09-11 19:13 64160 ----a-w- d:\windows\system32\drivers\Lbd.sys

2009-09-11 13:19 . 2004-08-04 09:45 136192 ----a-w- d:\windows\system32\msv1_0.dll

2009-09-09 22:15 . 2009-09-18 15:11 91856 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys

2009-09-09 22:15 . 2009-09-18 15:10 41424 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys

2009-09-09 22:15 . 2009-09-18 15:11 115856 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys

2009-09-09 22:15 . 2009-09-09 22:15 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll

2009-09-09 22:15 . 2009-09-09 22:15 100368 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys

2009-09-04 20:04 . 2004-08-04 09:45 58880 ----a-w- d:\windows\system32\msasn1.dll

2009-08-29 06:57 . 2004-08-04 09:45 916480 ------w- d:\windows\system32\wininet.dll

2009-08-26 15:04 . 2009-08-26 15:04 11233 ----a-w- d:\arquivos de programas\fm20enu.dll.zip

2009-08-20 14:06 . 2009-08-20 14:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab

2009-08-20 14:04 . 2009-08-20 14:04 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi

2009-08-19 07:39 . 2009-08-19 07:39 330 ----a-w- d:\arquivos de programas\setup.ini

2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml

2004-02-26 16:35 . 2004-02-26 16:35 7904 ----a-w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2002-03-11 08:06 . 2002-03-11 08:06 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe

2002-03-11 07:45 . 2002-03-11 07:45 1708856 ----a-w- d:\arquivos de programas\instmsia.exe

2009-03-08 16:09 . 2008-04-14 02:21 638816 --sha-w- d:\windows\ServicePackFiles\i386\iexplore.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="d:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

"Google Update"="d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Malwarebytes Anti-Malware (reboot)"="d:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="d:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-24 149280]

 

d:\documents and settings\edsom luis\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.1.lnk - d:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-8-18 384000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

"HonorAutoRunSetting"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoUpdateCheck"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 01:34 24576 ----a-w- d:\arquivos de programas\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\groove.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/09/2009 13:11 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/09/2009 13:10 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/03/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/09/2009 13:11 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 20:15 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/03/2007 02:00 30032]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [18/04/2009 21:46 26568]

S0 RsNTGDI;RsNTGDI;d:\windows\system32\Drivers\RsNTGdi.sys --> d:\windows\system32\Drivers\RsNTGdi.sys [?]

S0 TfFsMon;TfFsMon;d:\windows\system32\drivers\TfFsMon.sys --> d:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;d:\windows\system32\drivers\TfSysMon.sys --> d:\windows\system32\drivers\TfSysMon.sys [?]

S1 hookcont;hookcont;d:\windows\system32\drivers\HookCont.sys --> d:\windows\system32\drivers\HookCont.sys [?]

S1 lgalcafo;lgalcafo; [x]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

S3 MEMSWEEP2;MEMSWEEP2; [x]

S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [17/09/2009 17:43 29584]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [14/04/2009 19:51 30136]

S3 TfNetMon;TfNetMon; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 d:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet35002003-04-11 17:25N4BF150JQ9B.job

- d:\arquivos de programas\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 17:25]

 

2009-11-25 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 06:31]

.

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

------- Associação de arquivos/ficheiros -------

.

inifile=Notepad.exe "%1"

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-25 12:21

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-839522115-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

 

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\740714A303E250D498777F604DB0FF93\SourceList]

@DACL=(02 0000)

"PackageName"="Dashboard.msi"

 

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B37BDAE8D62087948A0FE1FEE5E1EC7C\SourceList]

@DACL=(02 0000)

"PackageName"="Install_{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}.msi"

"LastUsedSource"=expand:"n;1;d:\\Arquivos de programas\\Arquivos comuns\\WindowsLiveInstaller\\MsiSources\\"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1072)

d:\arquivos de programas\AlienGUIse\fastload.dll

 

- - - - - - - > 'explorer.exe'(664)

d:\windows\system32\WININET.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-11-22 16:23

ComboFix-quarantined-files.txt 2009-11-22 18:23

 

Pré-execução: 21 pasta(s) 41.247.342.592 bytes disponíveis

Pós execução: 23 pasta(s) 41.214.574.592 bytes disponíveis

 

- - End Of File - - A38827DF657278D0378B180AAB1E01EE

 

 

Thanks and regards

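The BitDefender "Missing files" section and the ComboFix services list above both report driver service registrations whose image file is gone. The example below is added here (it is not ComboFix's, BitDefender's or the analyst's own code): it parses both formats and cross-references them, so an analyst can separate dead leftover registrations confirmed by both tools from entries that only one tool saw, and can see which of them are boot- or system-start drivers. The reading of ComboFix's markers used here is an assumption: `--> <path> [?]` is taken as "image path recorded, file not found" and `[x]` as "no usable image path"; the leading R/S is read as running/stopped and the digit as the Windows service Start value (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled). Sample lines are copied from the two logs above.

```python
import re

# Constructed sample: lines copied from the ComboFix services section above.
COMBOFIX_SERVICES = r"""
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [11/09/2009 17:13 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/11/2009 19:34 108289]
S0 RsNTGDI;RsNTGDI;d:\windows\system32\Drivers\RsNTGdi.sys --> d:\windows\system32\Drivers\RsNTGdi.sys [?]
S0 TfFsMon;TfFsMon;d:\windows\system32\drivers\TfFsMon.sys --> d:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;d:\windows\system32\drivers\TfSysMon.sys --> d:\windows\system32\drivers\TfSysMon.sys [?]
S1 hookcont;hookcont;d:\windows\system32\drivers\HookCont.sys --> d:\windows\system32\drivers\HookCont.sys [?]
S1 lgalcafo;lgalcafo; [x]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 TfNetMon;TfNetMon; [x]
"""

# Constructed sample: lines copied from the BitDefender "Missing files" section above.
BITDEFENDER_MISSING = r"""
File not found: system32\Drivers\RsNTGdi.sys
referenced in: HKLM\System\CurrentControlSet\Services\RsNTGDI\"ImagePath"
File not found: system32\drivers\HookCont.sys
referenced in: HKLM\System\CurrentControlSet\Services\hookcont\"ImagePath"
File not found: system32\drivers\TfFsMon.sys
referenced in: HKLM\System\CurrentControlSet\Services\TfFsMon\"ImagePath"
File not found: system32\drivers\TfSysMon.sys
referenced in: HKLM\System\CurrentControlSet\Services\TfSysMon\"ImagePath"
"""

# "R0 Name;Description;<path or marker>": state letter, start digit, name, description, rest.
SERVICE_LINE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# The service key name inside a BitDefender "referenced in:" line.
MISSING_REF = re.compile(r"referenced in: .*\\Services\\(?P<name>[^\\]+)\\", re.IGNORECASE)
# Assumption: the digit is the Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}


def parse_combofix_services(text: str) -> dict:
    """Map service name -> {state, start, status}; status is 'present',
    'file-missing' (trailing [?]) or 'no-path' (trailing [x])."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.endswith("[x]"):
            status = "no-path"
        elif rest.endswith("[?]"):
            status = "file-missing"
        else:
            status = "present"
        services[m.group("name")] = {
            "state": "running" if m.group("state") == "R" else "stopped",
            "start": START_TYPES.get(m.group("start"), m.group("start")),
            "status": status,
        }
    return services


def parse_bitdefender_missing(text: str) -> set:
    """Service names whose ImagePath BitDefender reported as a missing file."""
    return {m.group("name") for m in MISSING_REF.finditer(text)}


def orphaned_drivers(combofix_text: str, bitdefender_text: str) -> dict:
    """Group file-less service registrations by which tool(s) reported them.
    Names are compared case-insensitively because the tools differ in case."""
    cf = parse_combofix_services(combofix_text)
    cf_missing = {n.lower(): n for n, s in cf.items() if s["status"] != "present"}
    bd_missing = {n.lower() for n in parse_bitdefender_missing(bitdefender_text)}
    return {
        "both": sorted(cf_missing[n] for n in cf_missing.keys() & bd_missing),
        "combofix_only": sorted(cf_missing[n] for n in cf_missing.keys() - bd_missing),
        "bitdefender_only": sorted(bd_missing - cf_missing.keys()),
        # Boot/system-start entries matter most: they are loaded before any
        # user-mode protection, so a dead one is worth cleaning up explicitly.
        "boot_start_missing": sorted(
            n for n, s in cf.items()
            if s["status"] != "present" and s["start"] in ("boot", "system")
        ),
    }


if __name__ == "__main__":
    for group, names in orphaned_drivers(COMBOFIX_SERVICES, BITDEFENDER_MISSING).items():
        print(f"{group:20} {', '.join(names) or '-'}")
```

On the two logs in this thread the four `[?]` entries (RsNTGDI, TfFsMon, TfSysMon, hookcont) are confirmed by both tools, while the three `[x]` entries appear only in ComboFix, which did not record a path for them. None has a file on disk, which is consistent with the analyst's conclusion that the log is clean: these are stale registrations, not a running component.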

The log is clean....

*Click [Start] > [Run] > type: ComboFix /u

*Click [OK]

[image: combou.jpg]

*Delete the folder C:\Qoobox and the file C:\combofix.txt, if they still exist.


Good evening! wings

So the cause is not malware-related, since the logs above are clean. Case solved here. The topic is closed.

Thanks and regards


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
