MarKteus (posted March 15, 2011)

Hello, I would appreciate any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:04:48, on 15/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Office_2007\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\Jmojea.exe
C:\Documents and Settings\Markteus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olhonoclick.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Arquivos de programas\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Arquivos de programas\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Office_2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Arquivos de programas\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Arquivos de programas\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [OE] "C:\Arquivos de programas\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\RunOnce: [WDM_MIDISYNTH0] rundll32.exe streamci.dll,StreamingDeviceSetup {B0C2EBA2-1099-4e80-A7F1-984910EB435E},MidiSyn,{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},c:\documents and settings\markteus\desktop\mydrv1\analog devices wavetable synthesizer(wdm)\MidiSyn.inf,MIDI_SYNTH.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_MIDISYNTH1] rundll32.exe streamci.dll,StreamingDeviceSetup {B0C2EBA2-1099-4e80-A7F1-984910EB435E},MidiSyn,{DFF220F3-F70F-11D0-B917-00A0C9223196},c:\documents and settings\markteus\desktop\mydrv1\analog devices wavetable synthesizer(wdm)\MidiSyn.inf,MIDI_SYNTH.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_MIDISYNTH2] rundll32.exe streamci.dll,StreamingDeviceSetup {B0C2EBA2-1099-4e80-A7F1-984910EB435E},MidiSyn,{6994AD04-93EF-11D0-A3CC-00A0C9223196},c:\documents and settings\markteus\desktop\mydrv1\analog devices wavetable synthesizer(wdm)\MidiSyn.inf,MIDI_SYNTH.Interface.Install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Arquivos de programas\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Arquivos de programas\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 9122 bytes
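Reading a HijackThis log of this size by hand is slow, so here is a small triage script as an added example; it is not part of the original post and HijackThis has no such feature. It encodes three checks a responder applies before anything else: a process image sitting directly in the Windows directory rather than in a subfolder such as system32, which is exactly where C:\WINDOWS\Jmojea.exe appears in the process list above; an O4 autorun whose command is a bare filename like VTTimer.exe, so the binary is resolved through the search path instead of a fixed location; and an O23 service whose vendor field is empty or "Unknown owner", as with GbpSv and wampmysqld. The allowlist of binaries that belong in the Windows root is an assumption for a stock Windows XP install, and the sample log is a constructed excerpt of the lines above.

```python
"""Triage heuristics for a HijackThis log (added example, not from the thread).

Three cheap checks applied before reading the whole log:
  1. a process image directly in the Windows directory (not a subfolder);
  2. an O4 autorun that names a bare file and so depends on the search path;
  3. an O23 service whose vendor field is empty or 'Unknown owner'.
The allowlist of binaries expected in the Windows root is an assumption
for a default Windows XP install.
"""
import re
from typing import Dict, List

# Assumption: binaries that legitimately live directly in %windir% on stock XP.
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Jmojea.exe
C:\Documents and Settings\Markteus\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olhonoclick.com.br/
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Office_2007\Office12\GrooveMonitor.exe"
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, O2, O4, O23 ... entry lines end the process list
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Vendor may be empty ("name - - path"), hence the optional whitespace around it.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")


def in_windows_root(path: str) -> bool:
    """True when the image sits directly in the Windows directory and is not allowlisted."""
    normalized = path.strip().lower().replace("/", "\\")
    parent, _, leaf = normalized.rpartition("\\")
    return parent == "c:\\windows" and leaf not in WINDOWS_ROOT_ALLOWLIST


def image_of(command: str) -> str:
    """First token of an autorun command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return suspicious items grouped by heuristic name."""
    findings: Dict[str, List[str]] = {
        "windows_root_image": [],
        "autorun_bare_filename": [],
        "service_unverified_vendor": [],
    }
    in_process_list = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_process_list = True
            continue
        if ENTRY_RE.match(line):
            in_process_list = False
        if in_process_list:
            if in_windows_root(line):
                findings["windows_root_image"].append(line)
            continue
        m = O4_RE.match(line)
        if m:
            image = image_of(m.group("cmd"))
            # No backslash and no %VAR% prefix: the loader resolves it via the search path.
            if "\\" not in image and not image.startswith("%"):
                findings["autorun_bare_filename"].append(f"{m.group('name')}: {image}")
            continue
        m = O23_RE.match(line)
        if m:
            vendor = m.group("vendor").strip()
            if not vendor or vendor.lower() == "unknown owner":
                findings["service_unverified_vendor"].append(f"{m.group('name')}: {m.group('path')}")
    return findings


if __name__ == "__main__":
    for heuristic, items in triage(SAMPLE_LOG).items():
        print(heuristic)
        for item in items:
            print("   ", item)
```

A hit is a lead, not a verdict: GbpSv sits in the same GbPlugin folder as the G-Buster Browser Defense BHO listed under O2, so it is a known component to confirm rather than remove, whereas Jmojea.exe is a running image in the Windows root with no matching autorun entry anywhere in the log, which is the kind of item to submit for a scan first.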
wings (posted March 15, 2011)

Hello MarKteus

1.
* Download MalwareBytes and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report it shows

2.
* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
MarKteus (posted March 16, 2011)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6069

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

15/3/2011 20:38:46
mbam-log-2011-03-15 (20-38-46).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 72198
Time elapsed: 1 hour(s), 0 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\WINDOWS\Jmojea.exe (Trojan.Downloader) -> 2940 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Jmojea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

PS: Mozilla did not run NOD32.
wings (posted March 16, 2011)

Perhaps you did not install the add-on that was requested for the scan to run.

1.
* Download ERUNT and save it to the desktop
* Create a folder in C:\ called ERUNT and extract it there
* Run the file C:\ERUNT\ERUNT.exe
* Click [OK] > [OK] > [Yes] > [OK]

2.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Run it and accept the agreement
* If the Microsoft Windows Recovery Console is not installed, accept its installation
* After the Console is installed, click [Yes] and wait for the steps to finish
* Do not use the mouse or keyboard during the steps, as that will break your desktop configuration and leave it blank!
* Paste the report it shows
MarKteus (posted March 16, 2011)

ComboFix 11-03-15.02 - Markteus 15/03/2011 23:40:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1983.1481 [GMT -3:00]
Running from: c:\documents and settings\Markteus\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 220 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\jxcou.sys
c:\windows\system32\drivers\uffnnm.sys
c:\windows\system32\setup.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GBPSV
-------\Legacy_SSHNAS
-------\Service_GbpSv
-------\Service_SSHNAS
-------\Service_tkal
-------\Service_wvcyhlw
.
.
(((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 ))))))))))))))))))))))))))))
.
.
2011-03-16 00:55 . 2011-03-16 00:55 -------- d-----w- c:\arquivos de programas\ESET
2011-03-15 22:34 . 2011-03-15 22:34 -------- d-----w- c:\documents and settings\Markteus\Dados de aplicativos\Malwarebytes
2011-03-15 22:34 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 22:34 . 2011-03-15 22:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2011-03-15 22:34 . 2011-03-15 22:34 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-03-15 22:34 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 03:30 . 2011-03-14 03:30 -------- d-----w- C:\contas
2011-03-13 23:40 . 2011-03-13 22:16 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-03-13 23:36 . 2011-03-13 23:36 -------- d-----w- c:\arquivos de programas\Trend Micro
2011-03-13 22:30 . 2011-03-13 23:28 -------- d-----w- C:\DVDs
2011-03-13 22:10 . 2011-03-13 22:10 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Trend Micro
2011-03-13 22:09 . 2011-03-13 22:16 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-03-13 22:09 . 2011-03-13 22:16 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-03-13 22:09 . 2011-03-13 22:16 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-13 22:05 . 2011-03-14 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trend Micro
2011-03-13 14:58 . 2001-10-28 19:07 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-03-13 14:58 . 2001-10-28 19:07 31488 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-03-13 14:58 . 2001-10-28 19:07 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-03-13 14:58 . 2004-08-04 01:32 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-03-13 14:58 . 2004-08-04 01:32 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-03-13 14:58 . 2004-08-04 02:04 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2011-03-13 14:58 . 2001-10-28 19:07 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2011-03-13 14:56 . 2001-10-28 19:06 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll
2011-03-13 14:55 . 2001-10-28 19:06 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll
2011-03-13 14:51 . 2004-08-04 03:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-13 14:45 . 2001-10-28 19:06 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-03-13 14:29 . 2004-06-28 23:44 290816 ----a-w- c:\windows\system32\VTCfg3d.dll
2011-03-13 14:23 . 2001-08-17 23:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-03-13 14:08 . 2001-10-28 19:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-03-13 14:08 . 2001-10-28 19:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-03-13 14:08 . 2001-10-28 19:06 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-03-13 14:08 . 2001-10-28 19:06 13312 ----a-w- c:\windows\system32\irclass.dll
2011-03-13 14:03 . 2004-08-04 04:34 14043 ----a-r- c:\windows\SET40.tmp
2011-03-13 14:03 . 2004-08-04 04:31 1086058 ----a-r- c:\windows\SET34.tmp
2011-03-13 14:03 . 2004-08-04 04:40 1014492 ----a-r- c:\windows\SET31.tmp
2011-03-13 12:27 . 2011-03-13 12:27 -------- d---a-w- C:\.Trash-999
2011-03-12 17:17 . 2011-03-12 17:17 -------- d-----w- c:\documents and settings\Markteus\Dados de aplicativos\Thinstall
2011-03-12 17:17 . 2011-03-12 17:17 -------- d-----w- c:\documents and settings\Markteus\Configurações locais\Dados de aplicativos\Thinstall
2011-03-12 14:34 . 2011-03-12 17:16 -------- d-----w- c:\arquivos de programas\Recovery Toolbox for RAR
2011-03-08 14:11 . 2006-10-26 22:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-03-08 14:11 . 2006-10-26 22:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2011-03-08 14:10 . 2006-10-26 22:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-03-08 14:10 . 2006-10-26 22:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-03-08 14:01 . 2011-03-08 14:01 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 8
2011-03-08 14:00 . 2011-03-08 14:07 -------- d-----w- c:\arquivos de programas\Office_2007
2011-03-07 17:07 . 2011-03-07 17:07 -------- d-----w- c:\documents and settings\Markteus\Dados de aplicativos\WinAVI
2011-03-07 17:07 . 2011-03-07 17:07 -------- d-----w- c:\documents and settings\Markteus\Configurações locais\Dados de aplicativos\WinAVI
2011-03-07 17:07 . 2011-03-07 17:07 -------- d-----w- c:\arquivos de programas\Video Converter
2011-03-07 17:02 . 2011-03-07 17:15 -------- d-----w- c:\documents and settings\Markteus\Dados de aplicativos\GetRightToGo
2011-03-06 23:03 . 2011-03-14 03:30 -------- d-----w- C:\Fotos LuaMEL
2011-03-01 22:23 . 2011-03-01 22:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2011-02-20 23:03 . 2011-02-24 00:55 164880 ---ha-w- c:\documents and settings\Markteus\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll
2011-02-20 20:07 . 2011-02-20 20:08 -------- d-----w- c:\arquivos de programas\Microsoft Virtual PC
2011-02-20 19:52 . 2011-02-20 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vmcreate
2011-02-20 19:52 . 2011-02-20 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\explauncher
2011-02-20 19:52 . 2011-02-20 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\launcher
2011-02-20 18:59 . 2011-02-20 18:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-20 18:59 . 2010-06-24 19:08 56208 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-02-20 18:59 . 2011-02-20 18:59 -------- d-----w- c:\arquivos de programas\Go Virtual
2011-02-20 18:49 . 2011-02-20 18:49 -------- d-----w- c:\documents and settings\Markteus\.netbeans-derby
2011-02-20 18:41 . 2011-02-20 18:41 -------- d-----w- c:\documents and settings\Markteus\.netbeans
2011-02-20 18:41 . 2011-02-20 18:41 -------- d-----w- c:\documents and settings\Markteus\.netbeans-registration
2011-02-20 18:38 . 2011-02-20 18:46 -------- d-----w- c:\arquivos de programas\NetBeans 6.9.1
2011-02-20 17:50 . 2011-02-20 18:41 -------- d-----w- c:\documents and settings\Markteus\.nbi
2011-02-20 17:21 . 2011-02-20 17:21 -------- d-----w- C:\Java
2011-02-20 17:03 . 2011-03-13 20:42 -------- d-----w- C:\Tutoriais
2011-02-20 17:02 . 2011-03-01 22:28 -------- d-----w- C:\Fotos Particulares
2011-02-20 17:00 . 2011-03-16 01:55 -------- d-----w- C:\Instaladores
2011-02-20 16:59 . 2011-02-20 17:00 -------- d-----w- c:\windows\hsperfdata_Markteus
2011-02-20 16:53 . 2011-02-20 16:53 -------- d-----w- C:\glassfishv3
2011-02-20 16:50 . 2011-02-20 16:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2011-02-20 16:49 . 2011-02-20 16:49 -------- d-----w- c:\arquivos de programas\Sun
2011-02-20 16:49 . 2011-02-20 16:48 472808 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-20 16:49 . 2011-02-20 16:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-20 16:49 . 2011-02-20 16:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-20 16:47 . 2011-02-20 18:36 -------- d-----w- c:\arquivos de programas\Java
2011-02-20 16:38 . 2011-02-20 16:38 -------- d-----w- c:\documents and settings\Markteus\Dados de aplicativos\Kingston
2011-02-20 16:33 . 2011-03-08 16:49 -------- d-----w- C:\All-Java
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-10-01 18:00 . 2010-07-17 13:41 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-07-10 1015808]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-07-13 53248]
"VTTrayp"="VTtrayp.exe" [2004-06-21 143360]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\arquivos de programas\Office_2007\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Trend Micro Client Framework"="c:\arquivos de programas\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-13 112632]
"Trend Micro Titanium"="c:\arquivos de programas\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-03-13 1062224]
"OE"="c:\arquivos de programas\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe" [2011-03-13 238928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WDM_MIDISYNTH0"="streamci.dll" [2001-10-28 8192]
"WDM_MIDISYNTH1"="streamci.dll" [2001-10-28 8192]
"WDM_MIDISYNTH2"="streamci.dll" [2001-10-28 8192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2010-10-11 341928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Office_2007\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Office_2007\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Office_2007\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [30/10/2010 01:40 45096]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [20/2/2011 15:59 56208]
R2 Amsp;Trend Micro Solution Platform;c:\arquivos de programas\Trend Micro\AMSP\coreServiceShell.exe [13/3/2011 20:36 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [13/3/2011 19:09 64080]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [20/6/2010 18:49 30104]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [22/6/2010 21:05 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [20/6/2010 18:49 30104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-23 00:05]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-23 00:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.olhonoclick.com.br/
uInternet Settings,ProxyOverride = <local>
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\OFFICE~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Markteus\Dados de aplicativos\Mozilla\Firefox\Profiles\9dqrgqcm.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\arquivos de programas\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 23:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Markteus\CONFIG~1\Temp\jusched.log 403 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(4008)
c:\arquivos de programas\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
c:\arquivos de programas\SmartFTP Client\pt-BR\sfShellTools.dll.mui
c:\windows\system32\shdoclc.dll
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\arquiv~1\GbPlugin\gbiehUni.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Trend Micro\AMSP\coreFrameworkHost.exe
c:\arquivos de programas\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\arquiv~1\MI6841~1\MSSQL\binn\sqlservr.exe
c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-16 00:03:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-16 03:03
ComboFix2.txt 2010-01-09 21:36
ComboFix3.txt 2008-05-06 21:35
ComboFix4.txt 2008-05-06 20:45
ComboFix5.txt 2010-02-20 01:02
.
Pre-Run: 6.062.243.840 bytes free
Post-Run: 6.504.853.504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 83A26A65975940C7D790CADDC9038606
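Beyond the removals, the 'Registry Loading Points' section of this ComboFix log records the machine's security posture: EnableFirewall is 0 on the standard profile, Security Center monitoring is switched off for SymantecFirewall and TrendAntiVirus, a third-party DLL is registered as a Winlogon notification package, and 5353/TCP is open globally. The following script, an added example rather than anything from the thread or from ComboFix itself, parses that REGEDIT4-style layout (a bracketed key, then "name"=data lines, then a lone '.' separator) and turns those entries into findings. The key paths and rules are this example's own choices, and the sample dump is a constructed excerpt of the blocks above.

```python
"""Posture checks over the registry section of a ComboFix log (added example).

Parses ComboFix's REGEDIT4-like dump and applies four rules drawn from the
log above: firewall state on the standard profile, Security Center
monitoring overrides, Winlogon notification packages, and globally open
ports.  The key paths and rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Constructed sample: key blocks copied from the 'Registry Loading Points' section above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2010-10-11 15:51 341928 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")   # ComboFix prints DWORDs as '0 (0x0)'


@dataclass
class RegKey:
    name: str                                             # key path exactly as printed
    values: Dict[str, Union[int, str]] = field(default_factory=dict)
    lines: List[str] = field(default_factory=list)        # non-value lines, e.g. file stamps


def decode(data: str) -> Union[int, str]:
    """Turn the two REG_DWORD spellings into int; strip quotes from strings."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1))
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1]
    return data


def parse_dump(text: str) -> Dict[str, RegKey]:
    """Map lower-cased key path -> RegKey for each bracketed block in the dump."""
    keys: Dict[str, RegKey] = {}
    current: Optional[RegKey] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(m.group("key"))
            keys[current.name.lower()] = current
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            current.values[m.group("name")] = decode(m.group("data"))
        else:
            current.lines.append(line)
    return keys


def value(key: RegKey, name: str) -> Optional[Union[int, str]]:
    """Case-insensitive value lookup; registry value names are not case-sensitive."""
    wanted = name.lower()
    for k, v in key.values.items():
        if k.lower() == wanted:
            return v
    return None


def assess(keys: Dict[str, RegKey]) -> List[str]:
    """Apply the posture rules; each finding is one human-readable line."""
    findings: List[str] = []
    fw = keys.get("hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile")
    if fw is not None and value(fw, "EnableFirewall") == 0:
        findings.append("Windows Firewall is disabled on the standard profile")
    for path, key in keys.items():
        leaf = key.name.rsplit("\\", 1)[-1]
        if "\\security center\\monitoring\\" in path and value(key, "DisableMonitoring") == 1:
            findings.append(f"Security Center monitoring disabled for {leaf}")
        if "\\winlogon\\notify\\" in path:
            for line in key.lines:
                fields = line.split(None, 4)              # date time size attrs path
                image = fields[4] if len(fields) == 5 else line
                findings.append(f"Winlogon notification package {leaf}: {image}")
        if path.endswith("\\globallyopenports\\list"):
            for port, data in key.values.items():
                findings.append(f"Globally open port {port}: {data}")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_dump(SAMPLE_DUMP)):
        print(finding)
```

Run it over the full 'Registry Loading Points' section and judge each finding by hand. The GbPluginUni notification package sits in the same GbPlugin folder as the G-Buster Browser Defense BHO from the HijackThis log and is expected on this machine, whereas a disabled Windows Firewall on a host that also runs IIS (inetinfo.exe), Apache and MySQL is worth fixing regardless of the malware outcome.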
wings (posted March 16, 2011)

OK... the log is clean. :)

* Click [Start] > [Run] > copy and paste: Combofix /uninstall
* Click [OK] > [Run]
* Wait for the message "ComboFix is uninstalled" and click [OK]

Regards.
MarKteus (posted March 16, 2011)

Thank you!!
wings (posted March 16, 2011)

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.