Ricardo Carvalho

[Archived] Disables the Windows Firewall


Good evening!

I have a problem with my computer, and I don't know what it is!

A few days ago I think I caught it at work through the use of a pen drive!

Now my computer is in the same state as the shop where I work.

Usually, when I plug in the pen drive or any other removable disk, such as a memory card or an MP3 player, two folders appear on it, one named ARQUIVOS and the other PROGRAM. There is nothing inside them, and when I delete them they come back in the same place. Now they are on my (D:) and won't go away!

And every time I click on (D:) it doesn't open; I have to right-click and go to Explore, and when I do that, it automatically disables my Windows Firewall!

What is this? A virus?

Please, I can't remove these files permanently by any means!

I hope someone can help me!

Below is my HijackThis log!

 

Logfile of HijackThis v1.99.1

Scan saved at 23:16:12, on 19/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CmUCReye.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

c:\windows\vvvlk.exe

C:\WINDOWS\system32\wscntfy.exe

c:\windows\inf\eiqhz.exe

c:\arquivos de programas\arquivos comuns\ncrbm.exe

c:\windows\system\yjzwm.exe

c:\windows\config\ilrre.exe

c:\windows\system32\hlite.exe

c:\windows\system32\cgmrv.exe

C:\Documents and Settings\usuario\Desktop\Anti virus\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=013008 serial=dr12cct-5868716-qcs lang=EN

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe

O4 - HKLM\..\Run: [CMExplorer] C:\WINDOWS\CMExplorer.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [tDefault] c:\windows\system32\cgmrv.exe

O4 - HKLM\..\Run: [settings] c:\windows\vvvlk.exe

O4 - HKLM\..\Run: [systemT] c:\windows\system\yjzwm.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RSetting] c:\windows\inf\eiqhz.exe

O4 - HKCU\..\Run: [userTools] c:\arquivos de programas\arquivos comuns\ncrbm.exe

O4 - HKCU\..\Run: [CheckS] c:\windows\config\ilrre.exe

O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\hlite.exe

O4 - Startup: Reboot.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


Hey Ricardo Carvalho,

Download ComboFix at:

ComboFix

1) Temporarily disable your anti-virus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window, nor close it by clicking the X, while the tool is running, because that will break your desktop configuration (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your anti-virus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


Good evening!

JGARCIA

Let me tell you first: before reading your reply I ran the AVG anti-virus on my PC and it found 9 infected files named (Trojan Horse Backdoor.vb.aai), and I think I deleted them!

Then I did everything you told me, and it seems to have worked!

Just to be sure, my logs are below!

Thanks very much in advance!

Please check whether this plague has left my PC! THANKS!

 

ComboFix 08-01-20.1 - usuario 2008-01-20 20:08:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.598 [GMT -2:00]

Executando de: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000110_.tmp.dll

C:\WINDOWS\system32\_000111_.tmp.dll

C:\WINDOWS\system32\_000112_.tmp.dll

C:\WINDOWS\system32\_000114_.tmp.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))

.

 

2008-01-20 20:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 11:58 . 2008-01-20 11:58 <DIR> d-------- C:\WINDOWS\ERUNT

2008-01-19 15:33 . 2008-01-19 19:34 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos

2008-01-19 15:33 . 2008-01-19 19:34 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-19 15:33 . 2008-01-19 19:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configura‡äes locais

2008-01-19 15:18 . 2008-01-19 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-01-19 15:14 . 2008-01-19 19:34 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-01-19 15:13 . 2008-01-19 19:34 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-16 21:50 . 2008-01-16 21:50 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-01-15 17:45 . 2008-01-15 17:45 <DIR> d-------- C:\WINDOWS\Sun

2008-01-13 00:03 . 2008-01-13 00:05 <DIR> d-------- C:\Arquivos de programas\Emulador

2008-01-12 15:52 . 2008-01-17 19:36 <DIR> d-------- C:\LinhaDefensiva

2008-01-12 15:44 . 2008-01-12 15:44 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-01-09 22:02 . 2008-01-15 18:58 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-01-09 22:02 . 2008-01-09 22:02 32 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-01-09 21:57 . 2008-01-15 19:48 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-01-09 21:57 . 2008-01-09 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-01-09 21:57 . 2008-01-09 21:57 <DIR> d-------- C:\Arquivos de programas\Skype

2008-01-09 21:57 . 2008-01-09 21:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-01-09 20:12 . 2008-01-09 21:00 <DIR> d-------- C:\Arquivos de programas\Sype

2008-01-09 20:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-09 20:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-01-09 20:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-07 20:23 . 2008-01-11 16:13 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-07 20:23 . 2008-01-07 20:23 <DIR> d-------- C:\Arquivos de programas\Zero Assumption Recovery

2008-01-07 20:23 . 2008-01-07 20:25 <DIR> d-------- C:\Arquivos de programas\ZAR

2008-01-06 19:58 . 2008-01-06 19:58 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive%

2008-01-06 19:55 . 2008-01-06 19:55 75,808 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-01-02 23:10 . 2008-01-02 23:10 <DIR> d-------- C:\Documents and Settings\usuario\Configuraes locais

2008-01-02 23:03 . 2008-01-02 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-12-28 19:45 . 2007-12-28 19:45 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Ulead Systems

2007-12-28 19:44 . 2007-12-28 19:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SONY Digital Images

2007-12-28 19:44 . 2004-05-04 11:53 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll

2007-12-28 19:42 . 2007-12-28 19:42 <DIR> d-------- C:\SmartSound Software

2007-12-28 19:41 . 2007-12-28 19:41 <DIR> d-------- C:\WINDOWS\system32\windows media

2007-12-28 19:41 . 2007-12-28 19:41 <DIR> d-------- C:\WINDOWS\system32\Quicktime

2007-12-28 19:41 . 2007-12-28 19:41 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-28 19:41 . 2007-12-28 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SmartSound Software Inc

2007-12-28 19:41 . 2007-12-28 19:41 <DIR> d-------- C:\Arquivos de programas\SmartSound Software

2007-12-28 19:40 . 2007-12-28 19:40 <DIR> d-------- C:\Arquivos de programas\Windows Media Components

2007-12-28 19:39 . 2007-12-28 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

2007-12-28 19:39 . 2007-12-28 19:39 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

2007-12-28 19:39 . 2007-12-28 19:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

2007-12-20 19:30 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2007-12-20 19:04 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2007-12-20 19:04 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2007-12-20 19:04 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 22:05 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Free Download Manager

2008-01-20 21:59 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\AVG7

2008-01-16 22:19 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-01-12 18:37 --------- d-----w C:\Arquivos de programas\CloneDVD

2008-01-10 00:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-01-03 01:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-28 21:44 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-16 13:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-14 22:50 --------- d-----w C:\Arquivos de programas\Viewpoint

2007-12-13 22:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-12-12 02:42 --------- d-----w C:\Arquivos de programas\Windows Live Messenger

2007-12-11 17:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-11 17:30 --------- d-----w C:\Arquivos de programas\ANI

2007-12-11 16:32 --------- d-----w C:\Arquivos de programas\D-Link

2007-12-09 22:59 --------- d-----w C:\Arquivos de programas\Arquivos comuns\GNU

2007-12-09 22:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Vbox

2007-12-08 01:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Media Player Classic

2007-12-01 07:20 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Corel

2007-12-01 07:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-01 07:18 --------- d-----w C:\Arquivos de programas\Corel

2007-12-01 07:16 --------- d-----w C:\Arquivos de programas\Audacity

2007-12-01 04:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2007-12-01 03:40 7,164 ----a-w C:\WINDOWS\system32\drivers\CMFileDisk.sys

2007-12-01 03:40 626,688 ----a-w C:\WINDOWS\system32\SecurityBox.exe

2007-12-01 03:40 385,024 ----a-w C:\WINDOWS\system32\CMBox.exe

2007-12-01 03:40 28,672 ----a-w C:\WINDOWS\system32\DiskMount.exe

2007-12-01 03:40 --------- d-----w C:\Arquivos de programas\C-Media USB2.0 Card Reader

2007-11-30 06:37 --------- d-----w C:\Arquivos de programas\Windows Live

2007-11-30 06:08 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-11-30 05:55 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-11-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-11-30 05:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-11-30 05:47 --------- d-----w C:\Arquivos de programas\LimeWire

2007-11-30 05:47 --------- d-----w C:\Arquivos de programas\Java

2007-11-30 05:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-11-30 05:46 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-11-30 05:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-11-30 05:44 --------- d-----w C:\Arquivos de programas\QuickTime Alternative

2007-11-30 05:44 --------- d-----w C:\Arquivos de programas\Media Player Classic

2007-11-30 05:44 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-11-30 05:43 --------- d-----w C:\Arquivos de programas\Windows Defender

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-05-22 05:08 81,920 ----a-w C:\Documents and Settings\usuario\Dados de aplicativos\ezpinst.exe

2006-05-22 05:08 47,360 ----a-w C:\Documents and Settings\usuario\Dados de aplicativos\pcouffin.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-08-29 13:09 171464]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 14:09 579072]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]

"D-Link AirPlus G"="C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 10:05 16239616 C:\WINDOWS\RTHDCPL.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-07-12 00:26 237568]

"CMExplorer"="C:\WINDOWS\CMExplorer.exe" [2007-01-31 01:12 2715648]

"ANIWZCS2Service"="C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:45 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-11-30 03:54 219136]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

 

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Reboot.exe [2004-10-01 04:01:50 334336]

 

[HKLM\~\startupfolder\C:^Documents and Settings^usuario^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 08:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckS]

c:\windows\config\ilrre.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceSys]

c:\windows\system32\hlite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSetting]

c:\windows\inf\eiqhz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settings]

c:\windows\vvvlk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemT]

c:\windows\system\yjzwm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserTools]

c:\arquivos de programas\arquivos comuns\ncrbm.exe

 

R1 CMFileDisk;CMFileDisk;C:\WINDOWS\system32\drivers\CMFileDisk.sys [2007-12-01 01:40]

R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 07:21]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\Auto\Command - D:\program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ab57ed-b40b-11dc-9f4c-001b111bc986}]

\Shell\Auto\Command - program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-20 21:12:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 20:10:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-20 20:10:45

ComboFix-quarantined-files.txt 2008-01-20 22:10:31

.

2008-01-19 21:57:48 --- E O F ---

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:13:41, on 20/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\CmUCReye.exe

C:\WINDOWS\CMExplorer.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\usuario\Desktop\Anti virus\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=013008 serial=dr12cct-5868716-qcs lang=EN

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe

O4 - HKLM\..\Run: [CMExplorer] C:\WINDOWS\CMExplorer.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Reboot.exe

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

THANKS FOR THE HELP!

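A triage script for the two logs quoted above, added here as an example (not code from the thread, HijackThis or ComboFix): it parses the HijackThis O4 Run lines and the ComboFix MountPoints2 block, scores each Run value with three heuristics (image dropped directly into a system directory, short all-lowercase image name, value name unrelated to the image), and lists the Shell\AutoRun verbs that make Explorer launch program.exe when D: is double-clicked, the symptom from the first post. The directory list, the 4-5 letter name rule and the threshold of two points are my assumptions for triage, not a verdict, and the sample lines are copied from the thread.

```python
"""Triage of the autostart entries in the HijackThis and ComboFix logs above.
Added example, not code from the thread or from either tool: the directory
list, the 4-5 letter name rule and the score threshold are my own assumptions
for triage, and the sample lines below are copied from the thread."""
import re

# Directories where a legitimate autostart executable is almost never dropped
# directly (English and the pt-BR folder names seen in the logs).
SUSPICIOUS_DIRS = {
    "windows", "windows\\inf", "windows\\system", "windows\\config",
    "program files\\common files", "arquivos de programas\\arquivos comuns",
}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# Quoted image path, or an unquoted one running up to the first ".exe"
# (HijackThis prints unquoted paths containing spaces, e.g. the D-Link entry).
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.I)
MP_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(Auto\\Command|AutoRun\\command) - (.+)$", re.I)


def split_image(command):
    """(parent_dir, basename) of the executable in a Run value, lowercased,
    drive letter dropped so the parent compares against SUSPICIOUS_DIRS."""
    m = EXE_RE.match(command.strip())
    image = ((m.group(1) or m.group(2)) if m else command.strip()).lower()
    parts = image.split("\\")
    return "\\".join(p for p in parts[:-1] if not p.endswith(":")), parts[-1]


def shares_substring(a, b, n=3):
    """True when a and b share any run of n characters, case-insensitively."""
    a, b = a.lower(), b.lower()
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def score_run_entry(name, command):
    """Each heuristic that fires adds one point and one human-readable reason."""
    parent, base = split_image(command)
    stem = base[:-4] if base.endswith(".exe") else base
    reasons = []
    if parent in SUSPICIOUS_DIRS:
        reasons.append(f"image placed directly in '{parent}'")
    if re.fullmatch(r"[a-z]{4,5}", stem):
        reasons.append(f"short random-looking image name '{base}'")
    if not shares_substring(stem, name):
        reasons.append(f"value name '{name}' unrelated to image '{base}'")
    return len(reasons), reasons


def triage_hijackthis(lines, threshold=2):
    """(hive\\..\\Run\\name, command, reasons) for O4 entries scoring >= threshold."""
    flagged = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            score, reasons = score_run_entry(name, command)
            if score >= threshold:
                flagged.append((f"{hive}\\..\\Run\\{name}", command, reasons))
    return flagged


def autorun_hijacks(combofix_lines):
    """(volume, command) for MountPoints2 keys carrying a Shell\\Auto\\Command or
    Shell\\AutoRun\\command verb: Explorer runs it on double-click of the drive."""
    found, current = [], None
    for line in combofix_lines:
        key = MP_KEY_RE.match(line.strip())
        if key:
            current = key.group(1)
            continue
        cmd = MP_CMD_RE.match(line.strip())
        if cmd and current:
            found.append((current, cmd.group(2).strip()))
    return found


# Sample input copied from the logs in this thread (a subset of the O4 lines).
HJT_SAMPLE = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [tDefault] c:\windows\system32\cgmrv.exe",
    r"O4 - HKLM\..\Run: [settings] c:\windows\vvvlk.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [RSetting] c:\windows\inf\eiqhz.exe",
    r"O4 - HKCU\..\Run: [userTools] c:\arquivos de programas\arquivos comuns\ncrbm.exe",
    r"O4 - HKCU\..\Run: [CheckS] c:\windows\config\ilrre.exe",
    r"O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\hlite.exe",
]
COMBOFIX_SAMPLE = [
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]",
    r"\Shell\Auto\Command - D:\program.exe e",
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80ab57ed-b40b-11dc-9f4c-001b111bc986}]",
    r"\Shell\Auto\Command - program.exe e",
]

if __name__ == "__main__":
    for entry, command, reasons in triage_hijackthis(HJT_SAMPLE):
        print(f"SUSPECT {entry} -> {command}\n    " + "; ".join(reasons))
    for volume, command in autorun_hijacks(COMBOFIX_SAMPLE):
        print(f"AUTORUN HIJACK on {volume}: {command}")
```

Run against the full logs, the seven random-named entries score two or three points while every vendor entry (AVG, D-Link, Windows Defender, ctfmon) stays below the threshold; the MountPoints2 verbs explain why the firewall went down each time D: was opened.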

Hey Ricardo Carvalho,

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it can take a while. Be patient;

* When the scan is done, click Remove Vundo;

* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan the machine will need to be restarted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with new ComboFix and HijackThis logs.

Regards.


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
