
Archived

This topic has been archived and is closed to further replies.

Fábio Mesquita

[Solved!] HijackThis Log Analysis


Please analyze the log below. Lately I have noticed my PC slowing down, and there are 2 processes running here that I believe are viruses (avg.exe and eguis.exe).

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:21:51, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AhnRpta.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Windows\System32\avg.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\win2ks\Eguis.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Rainmeter\Rainmeter.exe

C:\WINDOWS\system32\javaw.exe

C:\Windows\System32\cmd.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\athaserver\workforce

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\athaserver\workforce

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://athalaia@ftp.athalaia.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.1.1:4480;http=192.168.1.1:4480;https=192.168.1.1:4480;socks=192.168.1.1:1080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [GbpGSvc] C:\win2ks\Eguis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\herss.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Windows Update] C:\win2ks\iexplorea.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Workforce.lnk = C:\WINDOWS\system32\javaw.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Rainmeter.lnk = C:\Arquivos de programas\Rainmeter\Rainmeter.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.sbradesco.kit.net

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O17 - HKLM\Software\..\Telephony: DomainName = intranet.athalaia.com.br

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 11624 bytes

 

 

Thanks.

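As an added example for this thread (not the helper's tool and not part of HijackThis), the script below applies the kind of heuristics a log helper uses on the O4 autostart lines of the log above: an unnamed Run value, a binary launched from Temp, a Windows-sounding name outside the Windows directory, and an unusual directory such as C:\win2ks. The sample lines are copied from the posted log; the rule set and TRUSTED_ROOTS are assumptions, not an official signature list.

```python
"""Heuristic triage of the O4 (autostart) lines of a HijackThis log.

Added example for this thread; it is neither the forum helper's tool nor part
of HijackThis. The rule set and TRUSTED_ROOTS are assumptions about what a
log helper looks for, not an official signature list.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GbpGSvc] C:\win2ks\Eguis.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\herss.exe
O4 - HKCU\..\Run: [Windows Update] C:\win2ks\iexplorea.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
"""

# "O4 - HKLM\..\Run: [name] command" (also HKUS\S-1-5-xx\..\RunOnce: ...).
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Program part of an unquoted command: everything up to the first token that
# ends in an executable extension; arguments follow after whitespace.
EXE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|com|bat|cmd|pif|scr))(?:\s|$)", re.IGNORECASE)

# Assumption: directories where a legitimate autostart binary is expected on a
# Portuguese-locale Windows XP, including the 8.3 short forms seen in the log.
TRUSTED_ROOTS = (
    r"c:\windows",
    r"c:\program files",
    r"c:\arquivos de programas",
    r"c:\arquiv~1",
    r"c:\documents and settings",
    r"c:\docume~1",
)
# Value names that imitate Windows components; legitimate ones live under C:\WINDOWS.
WINDOWS_LOOKALIKE_NAMES = ("windows update", "microsoft update", "svchost", "lsass")


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list


def executable_path(cmd: str) -> str:
    """Return the program part of an O4 command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    # No recognisable extension: keep the whole command (e.g. "regsvr32 /s ...").
    return m.group("path") if m else cmd


def suspicious_reasons(name: str, path: str) -> list:
    """Apply the heuristics to one autostart entry; empty list means nothing odd."""
    reasons = []
    lower = path.lower()
    absolute = len(lower) > 2 and lower[1:3] == ":\\"
    if not name:
        reasons.append("unnamed Run value")
    if "\\temp\\" in lower:
        reasons.append("runs from a temporary directory")
    if name.lower() in WINDOWS_LOOKALIKE_NAMES and not lower.startswith(r"c:\windows"):
        reasons.append("name mimics a Windows component")
    # Bare file names (SOUNDMAN.EXE) are resolved via PATH; only judge absolute paths.
    if absolute and not lower.startswith(TRUSTED_ROOTS):
        reasons.append("runs from an unusual directory")
    return reasons


def triage(log_text: str) -> list:
    """Parse every O4 Run/RunOnce line and return the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        reasons = suspicious_reasons(m.group("name"), path)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive:<5} [{f.name}] {f.path}\n      -> {', '.join(f.reasons)}")
```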

Good afternoon...

 

The PC is heavily infected.

 

 

1.

*Download USBFix and save it to the desktop

*Temporarily disable your antivirus

 

Right-click the Kaspersky icon in the bottom corner of the screen > Select "Disable monitoring"

*Plug the USB stick into the PC

*Double-click UsbFix

*Press P > [ENTER]

*Press 1 > [ENTER] and wait for it to finish

*Remove the USB stick

*Paste the report created at C:\UsbFix.txt


Good afternoon Wings!

 

Here is the log:

 

 

############################## | UsbFix V6.098 |

 

User : fábio () # ORCAMENTO

Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 13:09:09 | 4/3/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU 2.53GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

AV : Kaspersky Anti-Virus 6.0.3.837 [ (!) Disabled | (!) Outdated ]

FW : Kaspersky Anti-Virus[ (!) Disabled ]6.0.3.837

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 66,34 Go (24,46 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,9 Go free) [FABIO] # FAT32

F:\ -> Disco fixo local # 9,97 Go (7,5 Go free) [RESTORE] # FAT32

G:\ -> Disco removível # 124,22 Mo (123,7 Mo free) # FAT

Z:\ -> Conexão de rede # 97,66 Go (3,75 Go free) [Arquivos] # NTFS

 

################## | Ficheiros # pastas infeciosos |

 

C:\WINDOWS\AhnRpta.exe

C:\WINDOWS\System32\e8main0.dll

C:\WINDOWS\System32\e8main1.dll

C:\WINDOWS\System32\nmdfgds0.dll

C:\WINDOWS\System32\nmdfgds1.dll

C:\WINDOWS\System32\nmdfgds2.dll

C:\WINDOWS\System32\olhrwef.exe

C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\cvasds0.dll

C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\cvasds1.dll

C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\cvasds2.dll

C:\DOCUME~1\FBIO~1\CONFIG~1\Temp\herss.exe

C:\0fkk02x.exe

C:\0fpdq2dw.exe

C:\0qw6vege.exe

C:\10nb.exe

C:\1a1dndah.exe

C:\1di1w.exe

C:\1f.bat

C:\1hqup.exe

C:\22yj2fy1.exe

C:\2a.exe

C:\2buirw.exe

C:\2id9.exe

C:\2nuk.com

C:\2sm66r.exe

C:\3.cmd

C:\3c.exe

C:\3n8awsyg.exe

C:\3slhl.exe

C:\3yalgc.exe

C:\601ugf.exe

C:\62.exe

C:\6phx.com

C:\6ruaqx.exe

C:\86.exe

C:\8dtyjjf.exe

C:\8paf1d.com

C:\8xcrbho6.exe

C:\9b9w3.exe

C:\9d6tpg.exe

C:\9dlvtiil.exe

C:\9ffp.exe

C:\9fo3ar0j.exe

C:\9g86.exe

C:\9jyhdim8.exe

C:\9qqigqwf.exe

C:\9u.exe

C:\9xf8.exe

C:\a2g21.exe

C:\aphqg.exe

C:\b00ijwpu.exe

C:\bveijo.exe

C:\bycfht.exe

C:\c2e.exe

C:\cj3k.exe

C:\cqb6wo.exe

C:\cqb6wo.exe

C:\cs6phv6d.exe

C:\ctu8r.exe

C:\curqp.exe

C:\cv8j.exe

C:\d9c.bat

C:\df.exe

C:\dogyx90.exe

C:\eexyv.exe

C:\etmt1.bat

C:\ewqij.bat

C:\f9o8o.exe

C:\fk.exe

C:\frg89pi.bat

C:\fsaht.cmd

C:\g12g.exe

C:\g8k.exe

C:\gbm6n.exe

C:\gclwpivc.cmd

C:\gpcdt.cmd

C:\hqy.exe

C:\hjvjte.exe

C:\hx.exe

C:\i0yva6.exe

C:\i9bwjpqc.exe

C:\ix8bmwx.bat

C:\k0maw.exe

C:\k1d.exe

C:\k8jc.exe

C:\kmj.exe

C:\ktly.exe

C:\l61yyp.exe

C:\lcw.exe

C:\lhh3v.exe

C:\lphfa.exe

C:\m.com

C:\mb9x.exe

C:\mbdm.exe

C:\mbvd.exe

C:\metdgv.bat

C:\mjafm.exe

C:\mranjm.exe

C:\mt2.exe

C:\mvmdh.exe

C:\mwfubaob.exe

C:\n0euybx.exe

C:\n68mqcra.exe

C:\nds0q.exe

C:\ngp8l.exe

C:\nkv.bat

C:\nqdymj.exe

C:\nymdik.exe

C:\nyt9mrd3.exe

C:\o8tf6l.exe

C:\o8tf6l.exe

C:\o9bxu.exe

C:\ohd.exe

C:\opdux.exe

C:\p.exe

C:\p0ijj.bat

C:\p3vwxx.exe

C:\pbudsara.exe

C:\ph.exe

C:\pkkwng.exe

C:\pkkwng.exe

C:\q0.exe

C:\q1alx.exe

C:\q3kku.exe

C:\q9.cmd

C:\qbr2q.exe

C:\qcod.exe

C:\qkm.exe

C:\r2g20.exe

C:\rg9g9bgq.exe

C:\rx.exe

C:\s.exe

C:\s1.exe

C:\s3ek.exe

C:\se12ydam.exe

C:\sm.exe

C:\sp1jensi.exe

C:\srgo.exe

C:\sywyrl0q.exe

C:\t2hjo0.exe

C:\t8g.exe

C:\t8s2x.exe

C:\tgt.exe

C:\u0riu2.exe

C:\ucivd6xi.bat

C:\ukfbi3aw.exe

C:\uqgvf.exe

C:\v1cbvsmq.exe

C:\vb0hsoay.exe

C:\vk0w.exe

C:\w3.exe

C:\w9hw8.exe

C:\w9uxx92.exe

C:\wbj.exe

C:\wcgswa.exe

C:\wfx062.exe

C:\wglb9q.exe

C:\wrsf.exe

C:\ws.exe

C:\wu1n.exe

C:\x8sigm.exe

C:\xbvv6o.com

C:\xdglur.bat

C:\xmor.exe

C:\y.exe

C:\y6yol.exe

C:\y8.exe

C:\ycvvj.exe

C:\yf3lu6l8.bat

C:\yhh.bat

E:\autorun.inf -> ficheiro chamado : "E:\fk.exe" ( Presente ! )

E:\autorun.inf

E:\1hqup.exe

E:\fk.exe

F:\0fkk02x.exe

F:\0fpdq2dw.exe

F:\0qw6vege.exe

F:\10nb.exe

F:\1a1dndah.exe

F:\1di1w.exe

F:\1f.bat

F:\1hqup.exe

F:\22yj2fy1.exe

F:\2a.exe

F:\2buirw.exe

F:\2id9.exe

F:\2nuk.com

F:\2sm66r.exe

F:\3.cmd

F:\3c.exe

F:\3n8awsyg.exe

F:\3slhl.exe

F:\3yalgc.exe

F:\601ugf.exe

F:\62.exe

F:\6phx.com

F:\6ruaqx.exe

F:\86.exe

F:\8dtyjjf.exe

F:\8paf1d.com

F:\8xcrbho6.exe

F:\9b9w3.exe

F:\9d6tpg.exe

F:\9dlvtiil.exe

F:\9ffp.exe

F:\9fo3ar0j.exe

F:\9g86.exe

F:\9jyhdim8.exe

F:\9qqigqwf.exe

F:\9u.exe

F:\9xf8.exe

F:\a2g21.exe

F:\aphqg.exe

F:\b00ijwpu.exe

F:\bveijo.exe

F:\bycfht.exe

F:\c2e.exe

F:\cj3k.exe

F:\cqb6wo.exe

F:\cqb6wo.exe

F:\cs6phv6d.exe

F:\ctu8r.exe

F:\curqp.exe

F:\cv8j.exe

F:\d9c.bat

F:\df.exe

F:\dogyx90.exe

F:\eexyv.exe

F:\etmt1.bat

F:\ewqij.bat

F:\f9o8o.exe

F:\fk.exe

F:\frg89pi.bat

F:\fsaht.cmd

F:\g12g.exe

F:\g8k.exe

F:\gbm6n.exe

F:\gclwpivc.cmd

F:\gpcdt.cmd

F:\hqy.exe

F:\hjvjte.exe

F:\hx.exe

F:\i0yva6.exe

F:\i9bwjpqc.exe

F:\ix8bmwx.bat

F:\k0maw.exe

F:\k1d.exe

F:\k8jc.exe

F:\kmj.exe

F:\ktly.exe

F:\l61yyp.exe

F:\lcw.exe

F:\lhh3v.exe

F:\lphfa.exe

F:\m.com

F:\mb9x.exe

F:\mbdm.exe

F:\mbvd.exe

F:\metdgv.bat

F:\mjafm.exe

F:\mranjm.exe

F:\mt2.exe

F:\mvmdh.exe

F:\mwfubaob.exe

F:\n0euybx.exe

F:\n68mqcra.exe

F:\nds0q.exe

F:\ngp8l.exe

F:\nkv.bat

F:\nqdymj.exe

F:\nymdik.exe

F:\nyt9mrd3.exe

F:\o8tf6l.exe

F:\o8tf6l.exe

F:\o9bxu.exe

F:\ohd.exe

F:\opdux.exe

F:\p.exe

F:\p0ijj.bat

F:\p3vwxx.exe

F:\pbudsara.exe

F:\ph.exe

F:\pkkwng.exe

F:\pkkwng.exe

F:\q0.exe

F:\q1alx.exe

F:\q3kku.exe

F:\q9.cmd

F:\qbr2q.exe

F:\qcod.exe

F:\qkm.exe

F:\r2g20.exe

F:\rg9g9bgq.exe

F:\rx.exe

F:\s.exe

F:\s1.exe

F:\s3ek.exe

F:\se12ydam.exe

F:\sm.exe

F:\sp1jensi.exe

F:\srgo.exe

F:\sywyrl0q.exe

F:\t2hjo0.exe

F:\t8g.exe

F:\t8s2x.exe

F:\tgt.exe

F:\u0riu2.exe

F:\ucivd6xi.bat

F:\ukfbi3aw.exe

F:\uqgvf.exe

F:\v1cbvsmq.exe

F:\vb0hsoay.exe

F:\vk0w.exe

F:\w3.exe

F:\w9hw8.exe

F:\w9uxx92.exe

F:\wbj.exe

F:\wcgswa.exe

F:\wfx062.exe

F:\wglb9q.exe

F:\wrsf.exe

F:\ws.exe

F:\wu1n.exe

F:\x8sigm.exe

F:\xbvv6o.com

F:\xdglur.bat

F:\xmor.exe

F:\y.exe

F:\y6yol.exe

F:\y8.exe

F:\ycvvj.exe

F:\yf3lu6l8.bat

F:\yhh.bat

G:\autorun.inf -> ficheiro chamado : "G:\fk.exe" ( Presente ! )

G:\autorun.inf

G:\fk.exe

Z:\khs

Z:\kht

Z:\khw

Z:\SYSTEM

 

################## | Registro |

 

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Update"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"

[HKLM\SOFTWARE\Classes\CLSID\MADOWN]

[HKCR\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1}]

[HKCR\CLSID\MADOWN]

[HKLM\Software\Classes\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1}]

[HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]

[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]

[HKLM\SYSTEM\ControlSet001\Services\AVPsys]

[HKLM\SYSTEM\ControlSet002\Services\AVPsys]

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{00b7b65d-206c-11df-aa9c-0013d32ff06a}

Shell\AutoRun\command =E:\62.exe

Shell\open\Command =E:\62.exe

 

HKCU\..\..\Explorer\MountPoints2\{0992572a-bf12-11de-aa3c-0013d32ff06a}

Shell\AutoRun\command =E:\wcgswa.exe

Shell\open\Command =E:\wcgswa.exe

 

HKCU\..\..\Explorer\MountPoints2\{26875769-7777-11de-b8d5-0013d32ff06a}

Shell\AutoRun\command =E:\8dtyjjf.exe

Shell\open\Command =E:\8dtyjjf.exe

 

HKCU\..\..\Explorer\MountPoints2\{959015df-7dc2-11de-a9ed-0013d32ff06a}

Shell\AutoRun\command =E:\AutoRun.exe

 

HKCU\..\..\Explorer\MountPoints2\{95901914-7dc2-11de-a9ed-0013d32ff06a}

Shell\AutoRun\command =E:\AutoRun.exe

 

HKCU\..\..\Explorer\MountPoints2\{c402b755-47bc-11de-b8a3-0013d32ff06a}

Shell\AutoRun\command =E:\pbudsara.exe

Shell\open\Command =E:\pbudsara.exe

 

HKCU\..\..\Explorer\MountPoints2\{dd18fd42-93e0-11de-aa0b-0013d32ff06a}

Shell\AutoRun\command =E:\AutoRun.exe

 

HKCU\..\..\Explorer\MountPoints2\{dd18fd45-93e0-11de-aa0b-0013d32ff06a}

Shell\AutoRun\command =E:\AutoRun.exe

 

################## | Vaccin |

 

 

################## | ! Fim do relatório # UsbFix V6.098 ! |

 

 

One piece of information I left out of my previous post is that the antivirus is no longer updating its database, and I have several machines at the company in this same situation. The KAV licenses are valid, but the update fails with an error.

One piece of information I left out of my previous post is that the antivirus is no longer updating its database, and I have several machines at the company in this same situation. The KAV licenses are valid, but the update fails with an error.

 

Each machine is a different case.... we are resolving this machine's problem.

 

Continuing..

 

*Plug the USB stick into the PC again

*Double-click UsbFix

*Press P > [ENTER]

*Press 2 > [ENTER] and wait for it to finish

*Remove the USB stick

*Paste the report created at C:\UsbFix.txt


I ran the procedure, but for almost 3 hours it sat on the temporary file cleanup step with the progress bar not moving, so I cancelled it and ran the procedure again, which produced this log:

 

 

############################## | UsbFix V6.098 |

 

User : fábio () # ORCAMENTO

Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 15:40:05 | 4/3/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU 2.53GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

AV : Kaspersky Anti-Virus 6.0.3.837 [ (!) Disabled | (!) Outdated ]

FW : Kaspersky Anti-Virus[ (!) Disabled ]6.0.3.837

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 66,34 Go (24,52 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,9 Go free) [FABIO] # FAT32

F:\ -> Disco fixo local # 9,97 Go (7,51 Go free) [RESTORE] # FAT32

G:\ -> Disco removível # 124,22 Mo (123,81 Mo free) # FAT

Z:\ -> Conexão de rede # 97,66 Go (3,68 Go free) [Arquivos] # NTFS

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-3275425016-1838925424-743828447-1120

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[23/05/2009 11:52|--a------|0] C:\AUTOEXEC.BAT

[06/08/2009 09:32|---hs----|211] C:\boot.ini

[08/09/2004 07:15|-rahs----|4952] C:\Bootfont.bin

[23/05/2009 11:52|--a------|0] C:\CONFIG.SYS

[23/05/2009 11:52|-rahs----|0] C:\IO.SYS

[23/05/2009 11:52|-rahs----|0] C:\MSDOS.SYS

[13/04/2008 08:43|-rahs----|47564] C:\NTDETECT.COM

[13/04/2008 10:31|-rahs----|251696] C:\ntldr

[12/01/2010 11:48|-r-hs----|121856] C:\olu392qj.exe

[?|?|?] C:\pagefile.sys

[04/03/2010 15:44|--a------|1676] C:\UsbFix.txt


[23/05/2009 14:06|--a------|2641046336] F:\restore.GHO

[12/01/2010 12:48|-r-hs----|121856] F:\olu392qj.exe

[02/03/2010 13:04|--a------|212648] G:\Trabalho de ciencias 1.docx

[02/03/2010 13:05|--a------|212742] G:\Trabalho de ciencias.docx

[04/03/2010 13:29|--a------|1470] G:\BOOTEX.LOG


 

################## | Vaccinação |

 

# E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# G:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# Z:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_ATHALAIA.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.098 ! |


1.

*Double-click UsbFix

*Press P > [ENTER]

*Press 6 > [ENTER]

 

2.

*Keep your antivirus disabled!

*Download Bankerfix and save it to the desktop

*Double-click bankerfix.exe.

*Click [OK] > [YES] (if it asks for an update) > [OK]

*Press [ENTER] and wait.

*When it finishes, press [ENTER]

*Paste the report created at C:\LinhaDefensiva\relatorio.txt


USB Fix log:

 

 

############################## | UsbFix V6.098 |

 

User : fábio () # ORCAMENTO

Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 16:42:40 | 4/3/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU 2.53GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Disabled

AV : Kaspersky Anti-Virus 6.0.3.837 [ (!) Disabled | (!) Outdated ]

FW : Kaspersky Anti-Virus[ (!) Disabled ]6.0.3.837

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 66,34 Go (24,5 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,9 Go free) [FABIO] # FAT32

F:\ -> Disco fixo local # 9,97 Go (7,51 Go free) [RESTORE] # FAT32

G:\ -> Disco removível # 124,22 Mo (123,81 Mo free) # FAT

Z:\ -> Conexão de rede # 97,66 Go (3,6 Go free) [Arquivos] # NTFS

 

###################### | Listing dos ficheiros presentes C:\ |

 

[23/05/2009 11:52|--a------|0] - C:\AUTOEXEC.BAT

[06/08/2009 09:32|---hs----|211] - C:\boot.ini

[08/09/2004 07:15|-rahs----|4952] - C:\Bootfont.bin

[23/05/2009 11:52|--a------|0] - C:\CONFIG.SYS

[23/05/2009 11:52|-rahs----|0] - C:\IO.SYS

[23/05/2009 11:52|-rahs----|0] - C:\MSDOS.SYS

[13/04/2008 08:43|-rahs----|47564] - C:\NTDETECT.COM

[13/04/2008 10:31|-rahs----|251696] - C:\ntldr

[12/01/2010 11:48|-r-hs----|121856] - C:\olu392qj.exe

[?|?|?] - C:\pagefile.sys

[04/03/2010 16:42|--a------|1508] - C:\UsbFix.txt

[04/03/2010 15:45|--a------|16720145] - C:\UsbFix_Upload_Me_ATHALAIA.zip

 

###################### | Listing das pastas presentes C:\ |

 

[02/03/2010 15:18|dr-------|0] - C:\Arquivos de programas

[25/05/2009 10:40|d--------|0] - C:\AUTORUN.INF

[02/03/2010 15:19|d--hs----|0] - C:\Config.Msi

[12/02/2010 08:14|d--------|0] - C:\Documents and Settings

[13/10/2009 16:44|d--------|0] - C:\ecalc

[23/05/2009 13:19|d--------|0] - C:\fa8ae13f1e92a1c8af68a6

[04/03/2010 08:21|d--------|0] - C:\Hijackthis

[23/09/2009 12:04|d--------|0] - C:\KAV

[23/05/2009 15:56|dr-h-----|0] - C:\MSOCache

[04/03/2010 15:44|d--hs----|0] - C:\RECYCLER

[23/05/2009 12:24|d--hs----|0] - C:\System Volume Information

[23/09/2009 14:54|d--------|0] - C:\Temp

[23/05/2009 14:55|d--------|0] - C:\Thunderbird

[04/03/2010 16:42|d--------|0] - C:\UsbFix

[23/02/2010 15:50|d--hs----|0] - C:\win2ks

[04/03/2010 13:32|d--------|0] - C:\WINDOWS

[30/07/2009 17:28|d--------|0] - C:\workforce

 

###################### | Listing dos ficheiros presentes E:\ |

 

[01/02/2010 19:23|--ah-----|4096] - E:\._.Trashes

[18/04/2009 11:56|--a------|2765765] - E:\Charlie Brown Jr. - 100% - 02 - Hoje Eu Acordei Feliz.mp3

[18/04/2009 11:56|--a------|2248663] - E:\Charlie Brown Jr. - Tudo Mudar.mp3

[18/04/2009 11:55|--a------|7113709] - E:\black eyed peas - elephunk - 05 - shut up.mp3

[26/04/2009 21:06|--a------|7009295] - E:\Black Eyed Peas dont lie.mp3

[18/04/2009 11:56|--a------|8752272] - E:\Black Eyed Peas My Humps.mp3

[26/04/2009 21:06|--a------|6911793] - E:\Black Eyed Peas Pump It.mp3

[18/04/2009 11:56|--a------|3735552] - E:\Black Eyes - Where´s the Love.mp3

[18/04/2009 11:56|--a------|6229837] - E:\black_eyed_peas-dont_phunk_with_my_heart.mp3

[18/04/2009 11:56|--a------|2832512] - E:\Bodyjar-One In A Million.mp3

[18/04/2009 11:56|--a------|12430307] - E:\Cake - Fashion Nugget - 07 - I Will Survive.mp3

[18/04/2009 11:55|--a------|5838924] - E:\02-smash_mouth-walkin_on_the_sun.mp3

[18/04/2009 11:55|--a------|7987214] - E:\05-smash_mouth-why_cant_we_be_friends.mp3

[18/04/2009 11:55|--a------|5033949] - E:\08-smash_mouth-then_the_morning_comes.mp3

[26/04/2009 20:58|--a------|4367064] - E:\14 - Take it Home.mp3

[26/04/2009 20:58|--a------|3167986] - E:\13 - Kill the Rich.mp3

[26/04/2009 20:58|--a------|4855698] - E:\12 - The Dregs of Sobriety.mp3

[26/04/2009 20:58|--a------|4451002] - E:\11 - Pacific Standard Time.mp3

[26/04/2009 20:58|--a------|2365353] - E:\10 - Ontario.mp3

[18/04/2009 11:58|--a------|4011287] - E:\Foo Fighters - Everlong.mp3

[18/04/2009 11:58|--a------|1657651] - E:\Foo Fighters - Learn To Fly.mp3

[18/04/2009 11:57|--a------|3709348] - E:\Evanescence - My Inmortal.mp3

[18/04/2009 11:57|--a------|4792981] - E:\Evanessence - Bring Me To Life.mp3

[18/04/2009 11:57|--a------|3066897] - E:\Everclear - Santa Monica.mp3

[18/04/2009 11:56|--a------|2100289] - E:\Charlie Brown Jr - Local.mp3

[31/08/2008 14:45|--a------|2961408] - E:\Charlie Brown Jr - Mantenha a Dúvida.mp3

[14/06/2006 18:12|--a------|3049516] - E:\Charlie Brown Jr - Só Por Uma Noite.mp3

[26/07/2009 15:14|--a------|3068032] - E:\Bodyjar - Not The Same.mp3

[26/04/2009 20:58|--a------|4290208] - E:\09 - Night of the Living Living.mp3

[26/04/2009 20:58|--a------|5511537] - E:\08 - The Trumpet Player.mp3

[26/04/2009 20:58|--a------|5751186] - E:\07 - The Feel Good Song of the Year.mp3

[26/04/2009 20:58|--a------|5147168] - E:\06 - Domino.mp3

[26/04/2009 20:58|--a------|3023462] - E:\05 - Sleeping Between Trucks.mp3

[21/12/2009 18:43|--a------|5817776] - E:\03 - Yours to Destroy.mp3

[26/04/2009 20:58|--a------|4804822] - E:\02 - I Want to be Wrong.mp3

[26/04/2009 20:58|--a------|3896266] - E:\01 - Biggest Lie.mp3

[28/02/2009 15:58|--a------|5138149] - E:\01-moony-i_dont_know_(radio_edit).mp3

[26/04/2009 21:43|--a------|8124370] - E:\Moony - I Don't Know Why (Estate 2008).mp3

[18/04/2009 12:02|--a------|3188462] - E:\foo fighters - generator.mp3

[17/11/2006 22:02|--a------|6335971] - E:\foo_fighters-all_my_life-rns.mp3

[26/04/2009 21:00|--a------|6479323] - E:\Foo Fighters - no way back.mp3

[26/04/2009 21:00|--a------|6332539] - E:\foo fighters - best of you.mp3

[26/04/2009 21:00|--a------|5592354] - E:\Evanescence - call me when youre sober.mp3

[23/12/2009 07:59|--a------|8546223] - E:\black train jack - no reward - 11 - One Love.mp3

[26/04/2009 20:59|--a------|4770812] - E:\black train jack - no reward - 10 - The Newest One.mp3

[16/01/2010 08:01|--a------|6219136] - E:\Automatic - Tokio Hotel (FULL VERSION) .mp3

[16/01/2010 07:57|--a------|8676910] - E:\04 Tokio Hotel - World Behind My Wall.mp3

[09/01/2010 16:31|--a------|3230789] - E:\Tokio Hotel - Scream.mp3

[09/01/2010 16:21|--a------|2914138] - E:\Tokio Hotel - Don't jump.mp3

[09/01/2010 16:15|--a------|3438177] - E:\Tokio Hotel - Ready, Set, Go.mp3

[09/01/2010 16:15|--a------|3939456] - E:\Tokio Hotel - Monsoon.mp3

[30/01/2010 09:34|--a------|3533968] - E:\07 Cheer Up Boys, Your Makeup Is Running.mp3

[30/01/2010 09:28|--a------|3703536] - E:\Foo Fighters - Monkey Wrench.mp3

[12/12/2009 09:11|--a------|2300952] - E:\NOFX - My Heart Is Yearning.mp3

[12/12/2009 09:11|--a------|1785242] - E:\NOFX - Jeff Wears Birkenstocks.mp3

[12/12/2009 08:49|--a------|2256024] - E:\NOFX - Lori Meyers.mp3

[12/12/2009 08:46|--a------|2376215] - E:\NOFX - Scavenger Type.mp3

[12/12/2009 08:46|--a------|1908958] - E:\NOFX - Happy Guy.mp3

[12/12/2009 08:42|--a------|1302321] - E:\NOFX - Punk Guy.mp3

[12/12/2009 08:31|--a------|1998413] - E:\NOFX - Perfect Government.mp3

[12/12/2009 08:31|--a------|1578410] - E:\NOFX - The Quass.mp3

[12/12/2009 08:26|--a------|1991324] - E:\NOFX - Leave It Alone.mp3

[12/12/2009 08:24|--a------|2185647] - E:\NOFX - Dig.mp3

[12/12/2009 08:24|--a------|2244475] - E:\NOFX - Dying Degree.mp3

[12/12/2009 08:22|--a------|1734669] - E:\NOFX - Fleas.mp3

[12/12/2009 08:21|--a------|2088458] - E:\NOFX - Linoleum.mp3

[13/12/2009 15:54|--a------|2687956] - E:\Soul Asylum - Just Like Anyone.mp3

[13/12/2009 15:39|--a------|3136086] - E:\Soul Asylum - Somebody To Shove.mp3

[13/12/2009 15:37|--a------|3937657] - E:\Life In Technicolor ii.mp3

[13/12/2009 15:22|--a------|3869818] - E:\311 - Beautiful Disaster.mp3

 

###################### | Listing das pastas presentes E:\ |

 

[01/02/2010 19:23|d--h-----|0] - E:\.Trashes

[01/02/2010 19:23|d--h-----|0] - E:\.Spotlight-V100

[02/08/2009 08:34|d--------|0] - E:\Pink ~ Studio Discography {2000 - 2008}

[04/03/2010 15:44|drahs----|0] - E:\autorun.inf

 

###################### | Listing dos ficheiros presentes F:\ |

 

[23/05/2009 14:06|--a------|2641046336] - F:\restore.GHO

[12/01/2010 12:48|-r-hs----|121856] - F:\olu392qj.exe

 

###################### | Listing das pastas presentes F:\ |

 

[25/05/2009 10:40|d--------|0] - F:\AUTORUN.INF

[23/05/2009 16:11|d--hs----|0] - F:\Recycled

 

###################### | Listing dos ficheiros presentes G:\ |

 

[02/03/2010 13:04|--a------|212648] - G:\Trabalho de ciencias 1.docx

[02/03/2010 13:05|--a------|212742] - G:\Trabalho de ciencias.docx

[04/03/2010 13:29|--a------|1470] - G:\BOOTEX.LOG

 

###################### | Listing das pastas presentes G:\ |

 

[04/03/2010 15:44|drahs----|0] - G:\autorun.inf

 

###################### | Listing dos ficheiros presentes Z:\ |

 

[22/08/2003 13:45|--a------|5078] - Z:\atha.bmp

[10/12/2007 08:11|--a------|1888256] - Z:\bd.mdb

[12/12/2006 11:38|--a------|268282] - Z:\cabeca_papel_timbrado.jpg

[08/02/2010 14:11|--a------|10304] - Z:\Controle_de_VA_e_VT_free(ok).odt

[20/08/2003 17:54|--a------|2048] - Z:\Del2.DB

[20/08/2003 17:52|--a------|4096] - Z:\Del2.MB

[30/12/2008 16:27|--a------|5228544] - Z:\DIFPAPEL.BKP

[02/12/2008 18:11|--a------|678] - Z:\ecalc.ini

[19/02/2010 12:15|--a------|8918] - Z:\firebird.log

[15/08/2006 19:49|--a------|1640628] - Z:\ibbsetup.exe

[14/10/2003 07:59|--a------|110592] - Z:\INDEXES.DB

[14/10/2003 07:59|--a------|4096] - Z:\INDEXES.PX

[14/10/2003 07:59|--a------|18432] - Z:\INDEXES.XG0

[14/10/2003 07:59|--a------|4096] - Z:\INDEXES.YG0

[26/09/2007 13:46|--a------|224992] - Z:\OdbcJdbc_DLL_Beta_1-3.zip

[13/04/2005 16:41|--a------|6140] - Z:\OS's em Produção por Máquinas.rel

[30/05/2007 10:31|--a------|1344512] - Z:\PermIB.exe

[22/07/2006 00:28|--a------|3759616] - Z:\Relatorios.exe

[21/12/2005 12:02|--a------|3401] - Z:\Requisição - Troca de Papel.rel

[12/12/2006 11:39|--a------|107255] - Z:\rotape_papel_timbrado.jpg

[04/05/2005 16:00|--a------|1056] - Z:\SP_CHECAEMPENHO.sp

[04/05/2005 16:00|--a------|471] - Z:\SP_CORRIGIREMPENHO.sp

[14/10/2003 07:59|--a------|563200] - Z:\STRUT.DB

[14/10/2003 07:59|--a------|8192] - Z:\STRUT.PX

[14/10/2003 07:59|--a------|296960] - Z:\STRUT.XG0

[14/10/2003 07:59|--a------|12288] - Z:\STRUT.YG0

[25/11/2008 14:13|--ahs----|17408] - Z:\Thumbs.db

[15/08/2009 10:31|--a------|1631592448] - Z:\TREINAMENTO.GDB

[09/06/2004 10:28|--a------|4131] - Z:\Venda de Horas - Acabamento.rel

[24/08/2004 17:20|--a------|4131] - Z:\Venda de Horas - Impressão1.rel

 

###################### | Listing das pastas presentes Z:\ |

 

[04/03/2010 15:44|drahs----|0] - Z:\autorun.inf

[04/03/2010 12:15|d--------|0] - Z:\backup

[01/07/2004 16:45|d--------|0] - Z:\bde

[09/01/2010 08:38|d-a------|0] - Z:\CalcMapa

[11/01/2010 12:30|d--------|0] - Z:\DIF

[03/04/2009 15:31|d--------|0] - Z:\Documentos

[14/08/2008 20:28|d--------|0] - Z:\Figuras

[09/07/2008 16:02|d--------|0] - Z:\htm

[16/07/2007 15:12|d--------|0] - Z:\Ibexpert

[26/05/2009 10:36|d--------|0] - Z:\Instalacao Ecalc

[24/07/2009 08:28|d--------|0] - Z:\Interbase

[13/04/2005 08:28|d--------|0] - Z:\Manuais

[01/07/2004 16:37|d--------|0] - Z:\Manual Troca de Papéis

[04/03/2010 16:37|d--------|0] - Z:\OsProp

[21/12/2009 08:34|d--------|0] - Z:\Relatorios

[01/07/2004 16:31|d--------|0] - Z:\server

[28/11/2006 11:17|d--------|0] - Z:\SQL Monitor

[18/02/2010 14:27|d--------|0] - Z:\Versoes-athalaia

 

################## | ! Fim do relatório # UsbFix V6.098 ! |

 

 

 

 

Bankerfix log:

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-03-04 - 16:47

-------------------------------------------------------

Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\avg.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------


1.

*Double-click UsbFix

*Press P > [ENTER]

*Press 6 > [ENTER]

 

2.

*Delete BankerFix and the folder C:\LinhaDefensiva

 

3.

*Keep your antivirus disabled!!

*Download ComboFix and save it to the desktop

*Double-click the file Combofix.exe

*Accept the license agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [YES] to accept its installation.

 

[image: recovery-console-prompt.jpg]

 

*After the installation, click [Yes] to continue. Be patient and wait until all the stages are completed.

 

[image: recovery-console-installed.jpg]

 

[image: etapas.jpg]

 

*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the procedure, press N or 2 and then ENTER.

 

*The program will close automatically and a report (C:\combofix.txt) will be displayed.

 

*Paste it in your next reply


ComboFix 10-03-04.01 - fábio 04/03/2010 17:09:44.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.494.236 [GMT -3:00]

Executando de: c:\documents and settings\fábio\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 2 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Rainmeter.lnk

C:\olu392qj.exe

c:\windows\cmd.ini

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\drivers\drive.sys

c:\windows\system32\drivers\drive.sys.off

F:\olu392qj.exe

 

----- BITS: Sites possivelmente infectados -----

 

hxxp://athaserver

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CUZINHO

-------\Service_Cuzinho

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))

.

 

2010-03-04 18:45 . 2010-03-04 18:45 16720145 ----a-w- C:\UsbFix_Upload_Me_ATHALAIA.zip

2010-03-04 16:08 . 2010-03-04 20:01 -------- d-----w- C:\UsbFix

2010-03-04 11:20 . 2010-03-04 11:21 -------- d-----w- C:\Hijackthis

2010-03-02 18:18 . 2010-03-02 18:19 -------- d-----w- c:\arquivos de programas\Rainmeter

2010-02-23 18:49 . 2010-02-23 18:50 -------- d-----w- C:\win2ks

2010-02-17 13:26 . 2010-02-17 13:26 360580 ----a-w- c:\windows\eSellerateEngine.dll

2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\arquivos de programas\Salling Software AB

2010-02-17 13:24 . 2010-02-17 13:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-02-12 11:16 . 2010-02-12 11:16 -------- d-sh--w- c:\documents and settings\luis\PrivacIE

2010-02-12 11:15 . 2010-02-12 11:15 -------- d-sh--w- c:\documents and settings\luis\IETldCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-04 20:20 . 2009-09-23 15:04 19937824 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-03-04 20:19 . 2009-09-23 15:04 234016 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-03-04 20:17 . 2009-09-23 15:04 25028 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-03-04 20:17 . 2009-09-23 15:04 269072 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-03-04 20:17 . 2009-12-14 09:57 12 ----a-w- c:\windows\bthservsdp.dat

2010-03-04 19:51 . 2009-05-23 17:48 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2010-03-04 18:35 . 2009-05-23 15:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-03-04 13:31 . 2009-05-25 13:39 -------- d-----w- c:\arquivos de programas\USB Disk Security

2010-02-24 17:49 . 2009-09-24 14:54 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-02-24 17:49 . 2009-09-24 14:54 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-02-24 13:50 . 2009-05-23 17:52 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-02-17 10:08 . 2004-09-08 10:17 79980 ----a-w- c:\windows\system32\perfc016.dat

2010-02-17 10:08 . 2004-09-08 10:17 471022 ----a-w- c:\windows\system32\perfh016.dat

2010-02-02 09:55 . 2009-05-23 17:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-01-25 10:18 . 2010-01-25 10:18 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-01-22 13:04 . 2010-01-22 11:02 -------- d-----w- c:\arquivos de programas\Nokia

2010-01-22 12:57 . 2010-01-22 12:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2010-01-22 11:45 . 2010-01-22 11:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-01-22 11:42 . 2010-01-22 11:40 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-01-22 11:35 . 2010-01-22 11:19 12212040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-01-22 11:35 . 2010-01-22 11:19 13930312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-01-22 11:35 . 2010-01-22 11:19 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-01-22 11:35 . 2010-01-22 11:19 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-01-22 11:35 . 2010-01-22 11:19 58880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-01-22 11:35 . 2010-01-22 11:19 50000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe

2010-01-22 11:18 . 2010-01-22 11:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache

2010-01-22 11:14 . 2010-01-22 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2010-01-22 11:14 . 2010-01-22 11:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2010-01-22 11:13 . 2010-01-22 11:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2010-01-22 11:05 . 2010-01-22 11:03 -------- d-----w- c:\arquivos de programas\DIFX

2010-01-22 11:05 . 2010-01-22 11:18 95992424 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe

2010-01-22 11:04 . 2010-01-22 11:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-01-22 11:00 . 2010-01-22 11:00 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2010-01-22 11:00 . 2010-01-22 11:00 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2010-01-22 11:00 . 2010-01-22 11:00 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-01-22 11:00 . 2010-01-22 11:00 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2010-01-22 11:00 . 2010-01-22 11:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2010-01-22 10:56 . 2010-01-22 11:01 33734648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_por_br_web.exe

2010-01-15 20:05 . 2009-05-23 15:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-15 20:05 . 2009-05-23 15:11 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 13:58 . 2009-05-23 15:28 -------- d-----w- c:\arquivos de programas\Java

.

 

------- Sigcheck -------

 

[-] 2009-03-02 . 8C912A3C7178AA2D63227A7C9A21CEBF . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]

"VTTimer"="VTTimer.exe" [2004-01-15 49152]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Acrobat Assistant 7.0"="c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"GbpGSvc"="c:\win2ks\Eguis.exe" [2010-02-23 229376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\fábio\Menu Iniciar\Programas\Inicializar\

Workforce.lnk - c:\windows\system32\javaw.exe [2010-1-13 145184]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-11-19 25214]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3275425016-1838925424-743828447-1120\Scripts\Logon\0\0]

"Script"=c:\documentos\_Orçamento\FirefoxADM 0.5.9.3\firefoxADM Login 0.4\firefox_login.lgns

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Ultr@VNC Server.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Ultr@VNC Server.lnk

backup=c:\windows\pss\Ultr@VNC Server.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^fábio^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.0.lnk]

path=c:\documents and settings\fábio\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.0.lnk

backup=c:\windows\pss\BrOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

c:\arquivos de programas\VIA\RAID\raid_t [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

2007-11-19 18:40 231952 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/5/2007 18:49 24344]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys --> c:\windows\system32\drivers\GbpKm.sys [?]

S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [9/11/2009 07:09 13824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = ftp://athalaia@ftp.athalaia.com.br/

uInternet Settings,ProxyServer = ftp=192.168.1.1:4480;http=192.168.1.1:4480;https=192.168.1.1:4480;socks=192.168.1.1:1080

uInternet Settings,ProxyOverride = <local>

IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\fábio\Dados de aplicativos\Mozilla\Firefox\Profiles\72rp0lao.default\

FF - prefs.js: network.proxy.ftp - 192.168.1.1

FF - prefs.js: network.proxy.ftp_port - 4480

FF - prefs.js: network.proxy.gopher - 192.168.1.1

FF - prefs.js: network.proxy.gopher_port - 4480

FF - prefs.js: network.proxy.http - 192.168.1.1

FF - prefs.js: network.proxy.http_port - 4480

FF - prefs.js: network.proxy.socks - 192.168.1.1

FF - prefs.js: network.proxy.socks_port - 4480

FF - prefs.js: network.proxy.ssl - 192.168.1.1

FF - prefs.js: network.proxy.ssl_port - 4480

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\documents and settings\fábio\Dados de aplicativos\Mozilla\Firefox\Profiles\72rp0lao.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify- GbPluginBb - c:\arquivos de programas\GbPlugin\gbieh.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-04 17:19

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\klogon.dll

 

- - - - - - - > 'explorer.exe'(3304)

c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll

c:\windows\system32\DNSAPI.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\VTTimer.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-04 17:26:15 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-04 20:26

 

Pré-execução: 13 pasta(s) 26.286.714.880 bytes disponíveis

Pós execução: 17 pasta(s) 26.746.691.584 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 983859C4FDBAE38B625D986672E52232


*Download SystemLook and save it to the desktop

*Select and copy (Ctrl+c) the code below:

 

:dir

C:\win2ks

*Double-click SystemLook.exe

*Paste (Ctrl+v) the code into the blank box

*Click [Look]

*Paste the report shown in SystemLook.txt, located on the desktop


SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 17:51 on 04/03/2010 by fábio (Administrator - Elevation successful)

 

========== dir ==========

 

C:\win2ks - Parameters: "(none)"

 

---Files---

1 --a--- 4 bytes [18:50 23/02/2010] [18:50 23/02/2010]

cd.exe --a--- 2499803 bytes [18:49 23/02/2010] [18:50 23/02/2010]

clk.wav --a--- 2202 bytes [18:50 23/02/2010] [18:50 23/02/2010]

Eguis.exe ---h-- 229376 bytes [18:49 23/02/2010] [18:49 23/02/2010]

iexplorea.exe --a--- 368640 bytes [18:50 23/02/2010] [18:50 23/02/2010]

issa.exe --a--- 32768 bytes [18:49 23/02/2010] [18:49 23/02/2010]

 

---Folders---

None found.

 

-=End Of File=-


OK...

 

1.

*Delete SystemLook and its report

 

2.

*New HijackThis log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:04:06, on 4/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\win2ks\Eguis.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\javaw.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://athalaia@ftp.athalaia.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.1.1:4480;http=192.168.1.1:4480;https=192.168.1.1:4480;socks=192.168.1.1:1080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [GbpGSvc] C:\win2ks\Eguis.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Workforce.lnk = C:\WINDOWS\system32\javaw.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O17 - HKLM\Software\..\Telephony: DomainName = intranet.athalaia.com.br

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.athalaia.com.br

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9593 bytes

OK...

 

Let's go!

 

 

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

 

Folder::

C:\win2ks

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GbpGSvc"=-

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

[Illustration: CFScript.gif]

 

*Important: while ComboFix is running, do not use the mouse or the keyboard! To interrupt the process, press N or 2.

 

*Paste the report created at C:\combofix.txt
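The reasoning behind the CFScript above (an autostart pointing at a directory no installer would normally use, then removing both the folder and the Run value) can be automated for triage. The following Python helper is an added example, not from this thread or from HijackThis/ComboFix: it parses the O4 Run lines of a HijackThis log, flags executables outside an assumed set of trusted directories, and renders the matching Folder::/Registry:: CFScript. The sample log lines are constructed from entries posted in this thread; the trusted-directory list is an assumption.

```python
"""Triage helper for the O4 (Run key) entries in a HijackThis log: flag autostarts
outside the usual system/program directories and render a ComboFix CFScript for them."""
import ntpath
import re
from typing import List, NamedTuple

# O4 lines HijackThis writes for the per-machine (HKLM) and per-user (HKCU) Run keys.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Full registry path behind each HijackThis hive abbreviation (used in the CFScript).
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
}

# Assumed trusted roots for this pt-BR XP machine ("Arquivos de programas" is the
# localized Program Files). Extend for other locales or extra install roots.
TRUSTED_DIRS = (r"c:\windows", r"c:\arquivos de programas", r"c:\program files")


class RunEntry(NamedTuple):
    hive: str   # HKLM or HKCU
    name: str   # value name inside the Run key, e.g. GbpGSvc
    path: str   # executable path exactly as written in the log


def _exe_path(cmd: str) -> str:
    """Return the executable part of a Run command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def suspicious_run_entries(log_text: str) -> List[RunEntry]:
    """Return O4 HKLM/HKCU Run entries whose executable sits outside TRUSTED_DIRS.

    Bare names such as SOUNDMAN.EXE or rundll32.exe carry no directory (Windows
    resolves them through PATH), so they are skipped, not cleared: review those
    by hand. HKUS/RunOnce lines are deliberately not matched.
    """
    flagged: List[RunEntry] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = _exe_path(m.group("cmd"))
        if "\\" not in exe:
            continue
        if not any(exe.lower().startswith(d + "\\") for d in TRUSTED_DIRS):
            flagged.append(RunEntry(m.group("hive"), m.group("name"), exe))
    return flagged


def build_cfscript(entries: List[RunEntry]) -> str:
    """Render a CFScript: each flagged executable's folder under Folder::, and the
    matching Run value deleted under Registry:: with the REGEDIT4 '"name"=-' syntax."""
    folders: List[str] = []
    for e in entries:
        folder = ntpath.dirname(e.path)
        if folder not in folders:
            folders.append(folder)
    lines = ["Folder::", *folders, "", "Registry::"]
    for hive, key in RUN_KEYS.items():
        names = [e.name for e in entries if e.hive == hive]
        if names:
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GbpGSvc] C:\win2ks\Eguis.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
"""

if __name__ == "__main__":
    print(build_cfscript(suspicious_run_entries(SAMPLE_LOG)))
```

The output is a starting point for a human reviewer, not a verdict: a legitimate program installed to an unusual root will also be listed.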

ComboFix 10-03-04.02 - fábio 04/03/2010 18:20:25.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.494.109 [GMT -3:00]

Executando de: c:\documents and settings\fábio\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\fábio\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\win2ks

c:\win2ks\1

c:\win2ks\cd.exe

c:\win2ks\clk.wav

c:\win2ks\Eguis.exe

c:\win2ks\iexplorea.exe

c:\win2ks\issa.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))

.

 

2010-03-04 18:45 . 2010-03-04 18:45 16720145 ----a-w- C:\UsbFix_Upload_Me_ATHALAIA.zip

2010-03-04 16:08 . 2010-03-04 20:01 -------- d-----w- C:\UsbFix

2010-03-04 11:20 . 2010-03-04 21:03 -------- d-----w- C:\Hijackthis

2010-03-02 18:18 . 2010-03-02 18:19 -------- d-----w- c:\arquivos de programas\Rainmeter

2010-02-17 13:26 . 2010-02-17 13:26 360580 ----a-w- c:\windows\eSellerateEngine.dll

2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\arquivos de programas\Salling Software AB

2010-02-17 13:24 . 2010-02-17 13:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-02-12 11:16 . 2010-02-12 11:16 -------- d-sh--w- c:\documents and settings\luis\PrivacIE

2010-02-12 11:15 . 2010-02-12 11:15 -------- d-sh--w- c:\documents and settings\luis\IETldCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-04 21:27 . 2009-09-23 15:04 20020256 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-03-04 21:26 . 2009-09-23 15:04 240160 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-03-04 20:31 . 2009-05-23 17:48 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2010-03-04 20:17 . 2009-09-23 15:04 25028 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-03-04 20:17 . 2009-09-23 15:04 269072 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-03-04 20:17 . 2009-12-14 09:57 12 ----a-w- c:\windows\bthservsdp.dat

2010-03-04 18:35 . 2009-05-23 15:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-03-04 13:31 . 2009-05-25 13:39 -------- d-----w- c:\arquivos de programas\USB Disk Security

2010-02-24 17:49 . 2009-09-24 14:54 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-02-24 17:49 . 2009-09-24 14:54 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-02-24 13:50 . 2009-05-23 17:52 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-02-17 10:08 . 2004-09-08 10:17 79980 ----a-w- c:\windows\system32\perfc016.dat

2010-02-17 10:08 . 2004-09-08 10:17 471022 ----a-w- c:\windows\system32\perfh016.dat

2010-02-02 09:55 . 2009-05-23 17:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-01-25 10:18 . 2010-01-25 10:18 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-01-22 13:04 . 2010-01-22 11:02 -------- d-----w- c:\arquivos de programas\Nokia

2010-01-22 12:57 . 2010-01-22 12:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2010-01-22 11:45 . 2010-01-22 11:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2010-01-22 11:42 . 2010-01-22 11:40 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2010-01-22 11:35 . 2010-01-22 11:19 12212040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe

2010-01-22 11:35 . 2010-01-22 11:19 13930312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe

2010-01-22 11:35 . 2010-01-22 11:19 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe

2010-01-22 11:35 . 2010-01-22 11:19 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe

2010-01-22 11:35 . 2010-01-22 11:19 58880 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe

2010-01-22 11:35 . 2010-01-22 11:19 50000 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe

2010-01-22 11:18 . 2010-01-22 11:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache

2010-01-22 11:14 . 2010-01-22 11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2010-01-22 11:14 . 2010-01-22 11:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2010-01-22 11:13 . 2010-01-22 11:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2010-01-22 11:05 . 2010-01-22 11:03 -------- d-----w- c:\arquivos de programas\DIFX

2010-01-22 11:05 . 2010-01-22 11:18 95992424 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe

2010-01-22 11:04 . 2010-01-22 11:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2010-01-22 11:00 . 2010-01-22 11:00 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2010-01-22 11:00 . 2010-01-22 11:00 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2010-01-22 11:00 . 2010-01-22 11:00 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-01-22 11:00 . 2010-01-22 11:00 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2010-01-22 11:00 . 2010-01-22 11:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2010-01-22 10:56 . 2010-01-22 11:01 33734648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_por_br_web.exe

2010-01-15 20:05 . 2009-05-23 15:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-15 20:05 . 2009-05-23 15:11 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 13:58 . 2009-05-23 15:28 -------- d-----w- c:\arquivos de programas\Java

.

 

------- Sigcheck -------

 

[-] 2009-03-02 . 8C912A3C7178AA2D63227A7C9A21CEBF . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]

"VTTimer"="VTTimer.exe" [2004-01-15 49152]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Acrobat Assistant 7.0"="c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\fábio\Menu Iniciar\Programas\Inicializar\

Workforce.lnk - c:\windows\system32\javaw.exe [2010-1-13 145184]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-11-19 25214]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

c:\arquivos de programas\GbPlugin\gbieh.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3275425016-1838925424-743828447-1120\Scripts\Logon\0\0]

"Script"=c:\documentos\_Orçamento\FirefoxADM 0.5.9.3\firefoxADM Login 0.4\firefox_login.lgns

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Ultr@VNC Server.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Ultr@VNC Server.lnk

backup=c:\windows\pss\Ultr@VNC Server.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^fábio^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.0.lnk]

path=c:\documents and settings\fábio\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.0.lnk

backup=c:\windows\pss\BrOffice.org 3.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

c:\arquivos de programas\VIA\RAID\raid_t [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

2007-11-19 18:40 231952 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/5/2007 18:49 24344]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys --> c:\windows\system32\drivers\GbpKm.sys [?]

S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [9/11/2009 07:09 13824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = ftp://athalaia@ftp.athalaia.com.br/

uInternet Settings,ProxyServer = ftp=192.168.1.1:4480;http=192.168.1.1:4480;https=192.168.1.1:4480;socks=192.168.1.1:1080

uInternet Settings,ProxyOverride = <local>

IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\fábio\Dados de aplicativos\Mozilla\Firefox\Profiles\72rp0lao.default\

FF - prefs.js: network.proxy.ftp - 192.168.1.1

FF - prefs.js: network.proxy.ftp_port - 4480

FF - prefs.js: network.proxy.gopher - 192.168.1.1

FF - prefs.js: network.proxy.gopher_port - 4480

FF - prefs.js: network.proxy.http - 192.168.1.1

FF - prefs.js: network.proxy.http_port - 4480

FF - prefs.js: network.proxy.socks - 192.168.1.1

FF - prefs.js: network.proxy.socks_port - 4480

FF - prefs.js: network.proxy.ssl - 192.168.1.1

FF - prefs.js: network.proxy.ssl_port - 4480

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\documents and settings\fábio\Dados de aplicativos\Mozilla\Firefox\Profiles\72rp0lao.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-04 18:27

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\klogon.dll

.

Tempo para conclusão: 2010-03-04 18:29:58

ComboFix-quarantined-files.txt 2010-03-04 21:29

ComboFix2.txt 2010-03-04 20:26

 

Pré-execução: 16 pasta(s) 26.746.830.848 bytes disponíveis

Pós execução: 16 pasta(s) 26.731.139.072 bytes disponíveis

 

- - End Of File - - 97739EF14B937BB6A436480B43B3F47C

OK...

 

 

The PC is clean... :)

 

1.

*Delete the file C:\UsbFix_Upload_Me_ATHALAIA.zip

 

2.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 

[Screenshot: 92674490.jpg]

 

*Click [Run]

*Wait until the message "ComboFix está desinstalado" (ComboFix is uninstalled) appears

 

*Click [OK]

 

3.

*Download ATF Cleaner and save it to the desktop

*Double-click ATF-Cleaner.exe

*Under Main, select [Select All]

*Click [Empty Selected]

=>If you also use Firefox or Opera, follow the steps below:

*Under "Firefox" or "Opera", click [Select All] (if you want to keep your passwords, click No; otherwise click Yes).

*Click [Empty Selected] (if you want to keep your passwords, click No; otherwise click Yes).

*Click [Exit] or the [X] to close the program

 

4.

*Enable your antivirus.

 

 

Regards.

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
