esse arquivo C:\Windows\system32\7187BB8154.sys não consegui achar mais... coloquei ate em pesquisar .. fui diretamente na pasta e nada..
o outro o relatorio foi esse
Arquivo ARPPRODUCTICON.exe recebido em 2009.12.06 18:46:56 (UTC)
Andamento: terminado
Resultado: 0/40 (0.00%)
Modo compacto
Imprimir resultados
Antivírus Versão Última Atualização Resultado
a-squared 4.5.0.43 2009.12.06 -
AhnLab-V3 5.0.0.2 2009.12.06 -
AntiVir 7.9.1.92 2009.12.05 -
Antiy-AVL 2.0.3.7 2009.12.04 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.06 -
AVG 8.5.0.426 2009.12.06 -
BitDefender 7.2 2009.12.06 -
CAT-QuickHeal 10.00 2009.12.05 -
ClamAV 0.94.1 2009.12.06 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.06 -
eSafe 7.0.17.0 2009.12.06 -
eTrust-Vet 35.1.7159 2009.12.04 -
F-Prot 4.5.1.85 2009.12.05 -
F-Secure 9.0.15370.0 2009.12.03 -
Fortinet 4.0.14.0 2009.12.06 -
GData 19 2009.12.06 -
Ikarus T3.1.1.74.0 2009.12.06 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.912 2009.12.05 -
Kaspersky 7.0.0.125 2009.12.06 -
McAfee 5824 2009.12.06 -
McAfee+Artemis 5824 2009.12.06 -
McAfee-GW-Edition 6.8.5 2009.12.06 -
Microsoft 1.5302 2009.12.06 -
NOD32 4665 2009.12.06 -
Norman 6.03.02 2009.12.05 -
nProtect 2009.1.8.0 2009.12.06 -
Panda 10.0.2.2 2009.12.06 -
PCTools 7.0.3.5 2009.12.05 -
Rising 22.24.06.04 2009.12.06 -
Sophos 4.48.0 2009.12.06 -
Sunbelt 3.2.1858.2 2009.12.06 -
Symantec 1.4.4.12 2009.12.06 -
TheHacker 6.5.0.2.086 2009.12.05 -
TrendMicro 9.100.0.1001 2009.12.06 -
VBA32 3.12.12.0 2009.12.03 -
ViRobot 2009.12.4.2072 2009.12.04 -
VirusBuster 5.0.21.0 2009.12.06 -
Informações adicionais
File size: 10134 bytes
MD5 : 6e42cf0d47af25dea4cecdbe093d521c
SHA1 : ec3e157d289629ab3c391800e7d8774e0f3a2ec0
SHA256: 7e1f9048d457369e50ee2ccc3659c897a740ecf722036858c8 8390115e5612a1
TrID : File type identification
Windows Icon (57.2%)
MPEG Video (42.7%)
ssdeep: 96:SYONfeZEWVArvU3mONfeZEWV4+xF9p0ONfeZEWVblMb6Ujj DhPm2TBnDifnZPmS:KNeTL3TNeT4+vDFNeTb6bVPmSB2nZPmS
PEiD : -
CWSandbox:
http://research.sunbelt-software.com...cecdbe093d521c
RDS : NSRL Reference Data Set
( Borland Software Corp. )
Delphi Studio: SetupIcon.ibdDelphi Studio with .NET interoperability: SetupIcon.ibd
( Microsoft )
.NET Framework SDK: SETUP.ICOApplications, Developer Tools: SETUPICON.IBDApplications, Developer Tools, Servers: SETUP.ICOBeta 2 Kit 2003: Setup.icoDeveloper Tools: SETUPICON.IBDDeveloper Tools, Servers: SETUPICON.IBDDisc 2488: SETUPICON.IBD, SetupIcon.ibdExchange 2000 Enterprise Server: SETUPICON.IBDExchange Server 2000: SETUPICON.IBDInternet Explorer Versions: SETUP.ICOInternet Explorer Versions: SETUP.ICOMSDN Disc: SETUP.ICOMSDN Disc 2436.10: SETUP.ICOMSDN Disc 2436.12: SETUP.ICOMSDN Disc 2436.18: SETUP.ICOMSDN Disc 2436.19: SETUP.ICOMSDN Disc 2436.20: SETUP.ICOMSDN Disc 2436.22: SETUP.ICOMSDN Disc 2436.24: SETUP.ICOMSDN Disc 2436.25: SETUP.ICOMSDN Disc 2436.26: SETUP.ICOMSDN Disc 2436.27: SETUP.ICOMSDN Disc 2436.28: SETUP.ICOMSDN Disc 2436.5: SETUP.ICOMSDN Disc 2436.6: SETUP.ICOMSDN Disc 2436.7: SETUP.ICOMSDN Disc 2436.8: SETUP.ICOMSDN Disc 3089: SETUPICON.IBDMSDN Disc 3089.1: SETUPICON.IBDMSDN Disc2436.3: SETUP.ICOMSDN Disc2488.1: SETUPICON.IBD, SetupIcon.ibdMSDN Disk 2436.14: SETUP.ICOMSDN Disk 2436.22: SETUP.ICOMSDN MS .NET framework 1.1 SDK, App. Center 2000 dev. ed., Commerce server 2002 dev. ed., Data Analyzer 3.5, Host Integration server 2000: SETUP.ICOMSDN MS .NET Framework 1.1 SDK, IE 5.5 SP1, IE 6.0, IE 6.0 SP1, SharePoint Server 2001, SharePoint Server 2001 SP2A: SETUP.ICOMSDN MS Application Center 2000, BizTalk Server 2002, BizTalk server 2004 beta, Content Management Server 2002, Identity Integration Server 2003: SETUP.ICOMSDN Office Publisher 2003: SETUP.ICOMSDN SharePoint portal server 2001, SMS 2.0 w SP2, MS IE 5.5 SP1, IE 6.0, IE 6.0 SP1, Windows 98, Windows ME: SETUP.ICOServers: SETUPICON.IBDSharePoint Portal Server: SETUP.ICOSharePoint Portal Server 2001: SETUP.ICOSharePoint Portal Server 2001: SETUP.ICOSharePoint Portal Server 2001: SETUP.ICOTahoe Server: SETUP.ICOVisual SourceSafe: SETUPICON.IBD
( Future Publishing )
ATmission Live CD - MEPIS Linux: binary9
ATENÇÃO: VirusTotal é um serviço gratuito oferecido por Hispasec Sistemas. Não há garantias quanto à disponibilidade e continuidade desse serviço. Apesar da taxa de detecção proporcionada pelo uso de múltiplos mecanismos de antivírus ser muito superior àquela oferecida por um único produto, os resultados NÃO garantem a possibilidade de um arquivo ser inofensivo. Atualmente, não há qualquer solução que ofereça 100% de eficiência na detecção de vírus e arquivos maliciosos..
VirusTotal © Hispasec Sistemas - Blog - Contato:
info@virustotal.com - Terms of Service & Privacy Policy
e aqui esta o ultimo relatorio ComboFix
ComboFix 09-12-08.03 - Bruno 09/12/2009 12:41:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.55.1046.18.2039.1325 [GMT -2:00]
Executando de: c:\users\Bruno\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Bruno\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091208-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 091208-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\cbbtfmon.exe"
.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
c:\windows\cbbtfmon.exe
c:\windows\system32\ccrpTmr6.dll
.
---- Execuções precedente -------
.
c:\windows\system32\ccrpTmr6.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))
.
2030-08-29 13:22 . 2030-08-29 13:22 56832 ------w- c:\windows\system32\iyvu9_32.dll
2030-08-29 13:22 . 2030-08-29 13:22 143872 ------w- c:\windows\system32\iacenc.dll
2009-12-09 14:50 . 2009-12-09 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-09 00:36 . 2009-12-09 00:36 -------- d-----w- c:\program files\UltraPlayer
2009-12-09 00:29 . 2009-12-09 00:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-08 21:09 . 2009-12-09 00:34 -------- d-----w- c:\program files\Winamp
2009-12-08 17:44 . 2009-12-08 17:44 -------- d-----w- c:\program files\ESET
2009-12-08 15:52 . 2009-12-08 15:52 -------- d-----w- c:\users\Bruno\AppData\Roaming\Malwarebytes
2009-12-08 15:52 . 2009-12-03 18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 15:52 . 2009-12-08 15:52 -------- d-----w- c:\programdata\Malwarebytes
2009-12-08 15:52 . 2009-12-03 18:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 15:01 . 2009-12-08 15:04 -------- d-----w- C:\LinhaDefensiva
2009-12-08 14:52 . 2009-12-09 14:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-08 09:47 . 2009-12-08 09:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-23 20:25 . 2009-11-23 20:25 -------- d-----w- C:\ZillaPDFtoTXTConverter
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-09 14:34 . 2009-08-29 16:57 -------- d-----w- c:\programdata\GbPlugin
2009-12-09 14:04 . 2009-08-29 16:57 -------- d-----w- c:\program files\GbPlugin
2009-12-09 00:36 . 2009-08-28 11:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 00:35 . 2009-08-28 11:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-08 17:18 . 2009-09-16 22:47 -------- d-----w- c:\program files\Google
2009-12-08 09:48 . 2009-09-12 19:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-08 09:47 . 2009-10-03 18:15 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-06 18:03 . 2006-11-06 01:32 83822 ----a-w- c:\windows\system32\prfc0416.dat
2009-12-06 18:03 . 2006-11-06 01:32 508502 ----a-w- c:\windows\system32\prfh0416.dat
2009-12-03 22:56 . 2009-08-28 17:35 -------- d-----w- c:\program files\Avast4
2009-11-24 23:54 . 2009-08-28 17:35 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-08-28 17:36 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-28 17:36 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-28 17:35 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-08-28 17:36 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-28 17:36 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-28 17:36 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 11:31 . 2009-08-28 17:14 -------- d-----w- c:\programdata\Microsoft Help
2009-11-16 13:21 . 2009-10-09 12:23 -------- d-----w- c:\program files\VidSplitter
2009-11-16 12:33 . 2009-11-05 10:42 -------- d-----w- c:\program files\Netscape
2009-11-05 10:43 . 2009-11-05 10:43 0 ----a-w- c:\windows\nsreg.dat
2009-11-05 10:43 . 2009-11-05 10:43 -------- d-----w- c:\users\Bruno\AppData\Roaming\Netscape
2009-11-01 19:52 . 2009-11-01 19:52 10134 ----a-r- c:\users\Bruno\AppData\Roaming\Microsoft\Installer \{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-01 19:52 . 2009-11-01 19:52 -------- d-----w- c:\program files\Microsoft WSE
2009-10-26 19:09 . 2009-09-17 11:09 -------- d-----w- c:\program files\CDBurnerXP
2009-10-26 19:05 . 2009-10-26 19:05 -------- d-----w- c:\users\Bruno\AppData\Roaming\Ashampoo
2009-10-26 18:59 . 2009-10-26 18:59 -------- d-----w- c:\programdata\ashampoo
2009-10-26 18:59 . 2009-10-26 18:59 -------- d-----w- c:\program files\Ashampoo
2009-10-17 17:08 . 2009-10-17 17:08 -------- d-----w- c:\programdata\Canneverbe Limited
2009-10-15 17:48 . 2009-08-29 18:33 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-09-27 18:27 . 2009-08-28 11:26 100248 ----a-w- c:\users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-26 20:38 . 2009-09-26 20:38 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-26 16:22 . 2009-09-26 16:05 167998 ----a-w- c:\windows\hpoins28.dat
2009-09-16 22:46 . 2009-09-16 22:46 56 --sh--r- c:\windows\system32\7187BB8154.sys
2009-09-16 22:46 . 2009-09-16 22:46 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"eMuleAutoStart"="d:\emule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2007-04-04 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"agpl"="c:\windows\system32\agpl.exe" [BU]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-10-15 17:42 316192 ----a-w- c:\program files\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
R0 GbpKm;Gbp KernelMode;c:\windows\System32\drivers\gbpkm.sys [29/08/2009 16:33 30752]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2medi a.sys [20/11/2006 16:14 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.s ys [09/03/2007 15:01 35968]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/08/2009 15:36 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswF sBlk.sys [28/08/2009 15:36 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\as wMonFlt.sys [28/08/2009 15:35 53328]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [23/10/2009 06:07 54048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/12/2009 11:13 135664]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12/09/2009 17:43 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.infonet.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-GbpSbb - c:\windows\cbbtfmon.exe
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-09 12:55
Windows 6.0.6000 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
************************************************** ************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'Explorer.exe'(752)
c:\windows\system32\TosBtExt.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Avast4\ashDisp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\O2Micro\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
************************************************** ************************
.
Tempo para conclusão: 2009-12-09 12:58:06 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-12-09 14:58
Pré-execução: 13.326.381.056 bytes disponíveis
Pós execução: 13.231.738.880 bytes disponíveis
- - End Of File - - 1C6BCAC1BD7354F39426EEDF702DE8B2
[Ajuda] Malware
. Nós temos 759.284 usuários, convidamos você fazer parte de nossa comunidade também! Se ainda não encontrou o que procura use nossa pesquisa. Esperamos que aprecie nosso trabalho.
[Ajuda] Malware
