[Resolvido!] Infectado com Backdoor.Hupigon.A!ct

EDSSX · Dezembro 24, 2009

Bom dia !

Segundo o Silas Martins em teu post de hoje ( 24/12/2009 às 03:57 ) em meu tópico http://forum.imasters.com.br/index.php?/topic/376242-problema-com-software/ ; em minha máquina há o Backdoor.Hupigon.A!ct .

Segue os logs :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:45:07, on 24/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Gadwin PrintScreen] "D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash

O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gerenciador do Google Desktop 5.9.906.4286 (GoogleDesktopManager-060409-093314) - GAS Tecnologia - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 4038 bytes

DDS (Ver_09-12-01.01) - FAT32x86

Run by edsom luis at 9:46:02,06 on 24/12/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.133 [GMT -2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe -k eapsvcs

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=0&l=dir

mWindow Title =

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\arquivos de programas\yahoo!\companion\installs\cpn\YTSingleInstance.dll

uRun: [Gadwin PrintScreen] "d:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe" /nosplash

uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe

mRunOnce: [Malwarebytes' Anti-Malware] d:\arquivos de programas\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: NoRealMode = 0 (0x0)

uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

uPolicies-explorer: NoFileUrl = 0 (0x0)

uPolicies-explorer: NoUpdateCheck = 0 (0x0)

mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Notify: WB - d:\arquivos de programas\alienguise\fastload.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-11-24 11608]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41424]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2009-11-24 108289]

R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-11-24 185089]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-3-18 56816]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2009-9-9 100368]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S?4 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2009-12-24 38224]

S0 GbpKm;Gbp KernelMode;d:\windows\system32\drivers\GbpKm.sys [2009-4-18 26568]

S0 TfFsMon;TfFsMon;d:\windows\system32\drivers\tffsmon.sys --> d:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;d:\windows\system32\drivers\tfsysmon.sys --> d:\windows\system32\drivers\TfSysMon.sys [?]

S3 GoogleDesktopManager-060409-093314;Gerenciador do Google Desktop 5.9.906.4286; [x]

S3 KProcWatch;KProcWatch; [x]

S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2009-9-17 29584]

S3 rspSanity;rspSanity;d:\windows\system32\drivers\rspSanity32.sys [2009-4-14 30136]

S3 TfNetMon;TfNetMon; [x]

============== File Associations ===============

inifile=Notepad.exe "%1"

=============== Created Last 30 ================

2009-12-24 16:21:45 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-12-24 16:21:41 19160 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-12-24 16:09:00 2845 ----a-w- D:\BdUninstallTool2009.12.24-02.09.00.reg

2009-12-24 16:04:27 0 d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-23 02:39:32 0 d-sha-r- D:\autorun.inf

2009-12-19 04:10:17 0 d-----w- d:\arquivos de programas\CCleaner

2009-12-18 20:46:50 0 d-----w- d:\windows\system32\wbem\Repository

2009-12-18 17:36:17 0 d--h--w- d:\documents and settings\edsom luis\Recent(2)

2009-12-18 17:29:50 0 d-sh--w- D:\Recycled

2009-12-16 01:22:32 0 d-----w- d:\arquivos de programas\CursorXP

2009-12-14 00:07:29 0 d-----w- d:\arquivos de programas\MegaJogos

2009-12-12 22:34:39 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\GetRightToGo

2009-12-12 16:03:31 3932214 ----a-w- d:\windows\InvaderDark1280.bmp

2009-12-11 20:31:20 3 ----a-w- d:\windows\rrxx.dll

2009-12-09 03:22:40 0 d-----w- D:\Lop SD

2009-12-09 02:49:45 98816 ----a-w- d:\windows\sed.exe

2009-12-09 02:49:45 161792 ----a-w- d:\windows\SWREG.exe

2009-12-05 20:14:00 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\K-Meleon

2009-12-05 20:13:18 0 d-----w- d:\arquivos de programas\K-Meleon

2009-12-05 18:47:35 0 ----a-w- d:\documents and settings\edsom luis\ipconfig

2009-12-04 12:41:31 170 ----a-w- d:\windows\spywarebegone-fullversion-installed.html

2009-12-01 21:13:17 0 d--h--w- d:\windows\PIF

2009-12-01 17:27:56 284032 ----a-w- d:\windows\system32\XceedZip.dll

2009-12-01 01:12:39 579072 ----a-w- d:\windows\system32\dllcache\user32.dll

2009-11-29 02:00:30 0 d-----w- d:\arquivos de programas\MSXML 4.0

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\unite

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\ui

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\styles

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\skin

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\program

2009-11-27 20:47:44 0 d-----w- d:\arquivos de programas\arquivos comuns\extra

2009-11-25 16:18:43 9216 ----a-w- d:\windows\system32\find.exe

2009-11-25 16:18:43 9216 ----a-w- d:\windows\system32\dllcache\find.exe

2009-11-25 13:08:57 0 d-----w- D:\FindyKill

2009-11-25 12:38:56 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\QuickScan

2009-11-24 21:44:58 0 d-----w- D:\UsbFix

2009-11-24 21:40:23 73728 ----a-w- d:\windows\system32\javacpl.cpl

2009-11-24 21:34:00 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Avira

2009-11-24 21:16:00 0 d-----w- D:\ToolBar SD

==================== Find3M ====================

2009-12-24 15:37:02 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2009-12-22 01:47:14 80198 ----a-w- d:\windows\system32\perfc016.dat

2009-12-22 01:47:14 471376 ----a-w- d:\windows\system32\perfh016.dat

2009-12-14 07:35:46 73216 ----a-w- d:\windows\ST6UNST.EXE

2009-12-14 07:35:46 249856 ------w- d:\windows\Setup1.exe

2009-12-10 00:54:08 261632 ----a-w- d:\windows\PEV.exe

2009-12-08 02:21:34 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2009-12-01 17:16:32 38338 ----a-w- d:\arquivos de programas\Uninst.isu

2009-11-27 20:47:52 218 ----a-w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini

2009-11-24 21:40:16 411368 ----a-w- d:\windows\system32\deploytk.dll

2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.idx

2009-11-24 08:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

2009-11-20 21:11:28 15828 ----a-w- d:\arquivos de programas\arquivos comuns\license.rtf

2009-11-20 21:01:18 832296 ----a-w- d:\arquivos de programas\arquivos comuns\opera.exe

2009-11-20 21:01:16 4450088 ----a-w- d:\arquivos de programas\arquivos comuns\opera.dll

2009-11-20 21:00:42 20480 ----a-w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-11-20 21:00:24 653419 ----a-w- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-11-13 20:19:06 2320 ----a-w- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-10-28 14:40:48 173056 ----a-w- d:\windows\system32\dllcache\ie4uinit.exe

2009-10-25 08:11:36 77312 ----a-w- d:\windows\MBR.exe

2009-10-21 05:39:40 75776 ----a-w- d:\windows\system32\strmfilt.dll

2009-10-21 05:39:40 75776 ------w- d:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:39:40 25088 ----a-w- d:\windows\system32\httpapi.dll

2009-10-21 05:39:40 25088 ------w- d:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- d:\windows\system32\dllcache\http.sys

2009-10-13 10:34:00 271360 ----a-w- d:\windows\system32\oakley.dll

2009-10-13 10:34:00 271360 ------w- d:\windows\system32\dllcache\oakley.dll

2009-10-12 13:39:20 79872 ----a-w- d:\windows\system32\raschap.dll

2009-10-12 13:39:20 79872 ------w- d:\windows\system32\dllcache\raschap.dll

2009-10-12 13:39:20 150016 ----a-w- d:\windows\system32\rastls.dll

2009-10-12 13:39:20 150016 ------w- d:\windows\system32\dllcache\rastls.dll

2009-08-26 15:04:28 11233 ----a-w- d:\arquivos de programas\fm20enu.dll.zip

2009-08-20 14:06:06 126704693 ----a-w- d:\arquivos de programas\brofficeorg1.cab

2009-08-20 14:04:26 9812992 ----a-w- d:\arquivos de programas\brofficeorg31.msi

2009-08-19 07:39:36 330 ----a-w- d:\arquivos de programas\setup.ini

2009-07-10 05:20:00 621546 ----a-w- d:\arquivos de programas\ACIHELP.HLP

2009-07-10 05:20:00 3219 ----a-w- d:\arquivos de programas\Acihelp.cnt

2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt

2008-06-09 12:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml

2004-02-26 15:35:04 7904 ----a-w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2002-03-11 08:06:30 1822520 ----a-w- d:\arquivos de programas\instmsiw.exe

2002-03-11 07:45:04 1708856 ----a-w- d:\arquivos de programas\instmsia.exe

2009-01-21 14:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-09-11 16:30:12 245760 --sha-w- d:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-03-08 16:09:26 638816 --sha-w- d:\windows\servicepackfiles\i386\iexplore.exe

============= FINISH: 9:47:43,51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2007 10:51:37

System Uptime: 24/12/2009 08:36:43 (1 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 7,435 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 34,778 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Service: ati2mtag

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

Class GUID:

Description:

Device ID: ROOT\LEGACY_BOCDRIVE\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BOCDRIVE\0000

Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Dispositivo de áudio USB

Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Manufacturer: (Áudio USB genérico)

Name: Dispositivo de áudio USB

PNP Device ID: ROOT\LEGACY_WEBROOTSPYSWEEPERSERVICE\0000

Service: usbaudio

==== System Restore Points ===================

RP67: 19/12/2009 00:00:18 - Software Distribution Service 3.0

RP68: 19/12/2009 00:00:57 - Revo Uninstaller's restore point - HP Photo and Imaging 2.0 - Deskjet Series

RP69: 19/12/2009 00:01:14 - Revo Uninstaller's restore point - HP Photo and Imaging 2.0 - Deskjet Series

RP70: 19/12/2009 00:02:09 - Removido HP Photo and Imaging 2.0 - Deskjet Series

RP71: 19/12/2009 00:04:24 - Revo Uninstaller's restore point - hp print screen utility

RP72: 19/12/2009 00:29:10 - Windows XP KB961371-v2 instalado.

RP73: 19/12/2009 00:30:10 - Windows XP KB961373 instalado.

RP74: 19/12/2009 00:30:30 - Windows XP KB961501 instalado.

RP75: 18/12/2009 23:44:22 - Windows XP KB968537 instalado.

RP76: 18/12/2009 23:45:24 - Windows XP KB969059 instalado.

RP77: 18/12/2009 23:46:25 - Windows XP KB969898 instalado.

RP78: 18/12/2009 23:49:01 - Windows XP KB970238 instalado.

RP79: 18/12/2009 23:49:42 - Windows XP KB974392 instalado.

RP80: 18/12/2009 23:52:22 - Windows XP KB969059 instalado.

RP81: 18/12/2009 23:57:30 - Windows XP KB974392 instalado.

RP82: 18/12/2009 23:58:54 - Windows XP KB971486 instalado.

RP83: 19/12/2009 00:00:02 - Windows XP KB971557 instalado.

RP84: 19/12/2009 00:01:01 - Windows XP KB971633 instalado.

RP85: 19/12/2009 00:01:59 - Windows XP KB971657 instalado.

RP86: 19/12/2009 00:02:55 - Windows XP KB971961 instalado.

RP87: 19/12/2009 01:19:27 - Windows XP KB961501 instalado.

RP88: 19/12/2009 01:39:58 - Windows XP KB973346 instalado.

RP89: 19/12/2009 01:40:25 - Windows XP KB973354 instalado.

RP90: 19/12/2009 01:40:56 - Windows XP KB973507 instalado.

RP91: 19/12/2009 01:41:18 - Windows XP KB973525 instalado.

RP92: 19/12/2009 01:41:48 - Windows XP KB973869 instalado.

RP93: 19/12/2009 01:42:20 - Windows XP KB974112 instalado.

RP94: 19/12/2009 01:42:55 - Windows XP KB974392 instalado.

RP95: 19/12/2009 01:43:19 - Windows XP KB974571 instalado.

RP96: 19/12/2009 01:43:39 - Windows XP KB975025 instalado.

RP97: 19/12/2009 01:44:02 - Windows XP KB975467 instalado.

RP98: 19/12/2009 01:52:05 - Revo Uninstaller's restore point - CCleaner

RP99: 19/12/2009 01:55:43 - Wise Registry Cleaner Restore Point

RP100: 19/12/2009 01:59:37 - Revo Uninstaller's restore point - Wise Registry Cleaner 4 Free 4.92

RP101: 19/12/2009 02:16:18 - Windows XP KB951978 instalado.

RP102: 19/12/2009 02:16:57 - Windows XP KB967715 instalado.

RP103: 19/12/2009 02:17:31 - Windows XP KB968389 instalado.

RP104: 19/12/2009 02:17:53 - Windows XP KB973815 instalado.

RP105: 19/12/2009 01:49:36 - Software Distribution Service 3.0

RP106: 19/12/2009 02:25:53 - Software Distribution Service 3.0

RP107: 19/12/2009 12:29:35 - Revo Uninstaller's restore point - ACI Windows

RP108: 19/12/2009 14:50:32 - Revo Uninstaller's restore point - Advanced SystemCare 3

RP109: 19/12/2009 17:59:55 - Revo Uninstaller's restore point - Mozilla Firefox (3.0.11)

RP110: 19/12/2009 18:04:11 - Revo Uninstaller's restore point - Opera 10.00

RP111: 19/12/2009 18:04:29 - Removed Opera 10.00.

RP112: 19/12/2009 16:55:16 - Revo Uninstaller's restore point - HijackThis 2.0.2

RP113: 21/12/2009 00:00:17 - Software Distribution Service 3.0

RP114: 21/12/2009 10:17:18 - Software Distribution Service 3.0

RP115: 22/12/2009 00:00:25 - Software Distribution Service 3.0

RP116: 22/12/2009 01:37:42 - Software Distribution Service 3.0

RP117: 22/12/2009 01:39:31 - Software Distribution Service 3.0

RP118: 22/12/2009 01:42:26 - Software Distribution Service 3.0

RP119: 22/12/2009 02:18:39 - Revo Uninstaller's restore point - Windows Live Essentials

RP120: 22/12/2009 02:26:07 - Revo Uninstaller's restore point - Assistente de Conexão do Windows Live

RP121: 22/12/2009 02:27:18 - Revo Uninstaller's restore point - Ferramenta de Carregamento do Windows Live

RP122: 22/12/2009 03:30:11 - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

RP123: 22/12/2009 00:00:50 - Software Distribution Service 3.0

RP124: 22/12/2009 00:11:17 - Software Distribution Service 3.0

RP125: 23/12/2009 00:00:24 - Software Distribution Service 3.0

RP126: 23/12/2009 00:50:43 - Revo Uninstaller's restore point - Ask Toolbar

RP127: 23/12/2009 02:12:06 - Software Distribution Service 3.0

RP128: 24/12/2009 00:00:29 - Software Distribution Service 3.0

RP129: 24/12/2009 01:46:38 - Software Distribution Service 3.0

RP130: 24/12/2009 13:48:54 - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

RP131: 24/12/2009 14:12:16 - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

RP132: 24/12/2009 14:13:52 - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2 - Português

AlienGUIse Theme Manager

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows XP (KB961371-v2)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows Internet Explorer 8 (KB976749)

BrOffice.org 3.1

C-Media WDM Audio Driver

CCleaner

CursorXP

EVEREST Home Edition v2.20

Gadwin PrintScreen

Google Chrome

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

Java 6 Update 17

Junk Mail filter update

K-Meleon 1.5.3 en-US (remove only)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.5)

MSXML 4.0 SP2 (KB973688)

Opera 10.10

Revo Uninstaller 1.85

Sun VirtualBox

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

você 9.0 Runtime

VIA Rhine-Family Fast-Ethernet Adapter

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 7

Windows Media Format 11 runtime

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Grato

Power Max · Dezembro 29, 2009

:) Olá EDSSX!

:seta: Siga, por gentileza, as dicas deste tutorial:

Tutorial do Kaspersky Virus Removal Tool

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.

EDSSX · Dezembro 29, 2009

Boa Tarde ! Antonio Vieira Sobrinho

Segue os logs :

Marcando apenas a opção hidden startup objects; segue o log :

Autoscan: completed 3 minutes ago (events: 2, objects: 519, time: 00:11:07)

29/12/2009 15:31:17 Task started

29/12/2009 15:42:24 Task completed

Marcando apenas a opção system memory; segue o log :

Autoscan: completed 3 minutes ago (events: 2, objects: 1576, time: 00:01:09)

29/12/2009 15:47:35 Task started

29/12/2009 15:48:44 Task completed

Marcando apenas a opção disk boot sectors; segue o log :

Autoscan: completed <1 minute ago (events: 2, objects: 5, time: 00:00:02)

29/12/2009 15:54:16 Task started

29/12/2009 15:54:18 Task completed

Marcando apenas a opção disco D:; segue o log :

Autoscan: completed 2 minutes ago (events: 2, objects: 161834, time: 01:08:18)

29/12/2009 15:59:58 Task started

29/12/2009 17:08:17 Task completed

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:32:36, on 29/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\AlienGUIse\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\Arquivos comuns\ParetoLogic\PLAS\plasservice.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Mozilla Firefox 3.5 Preview\firefox.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto