
Archived

This topic has been archived and is closed to new replies.

Marcos Vinícius

[Solved!] Virus sent to pen drive and letter swapping in the d


Run ComboFix again.


COMBOFIX LOG

 

ComboFix 08-10-16.08 - Marcos Vinícius 2008-10-22 12:49:45.4 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2910 [GMT -2:00]

Running from: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

.

 

(((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 ))))))))))))))))))))))))))))

.

 

2008-10-20 20:28 . 2007-05-10 17:20 4,952,064 --a------ C:\Windows\System32\stacgui.cpl

2008-10-20 20:28 . 2007-04-10 18:02 1,601,536 --a------ C:\Windows\System32\stlang.dll

2008-10-20 20:28 . 2007-05-06 17:11 144,896 --a------ C:\Windows\System32\staco.dll

2008-10-20 20:28 . 2007-05-06 17:11 94,208 --a------ C:\Windows\System32\stacsv.exe

2008-10-20 20:27 . 2008-10-20 20:27 <DIR> d-------- C:\Program Files\SigmaTel(15)

2008-10-20 20:27 . 2008-10-20 22:53 <DIR> d-------- C:\Program Files\SigmaTel

2008-10-20 20:27 . 2007-05-06 17:11 587,776 --a------ C:\Windows\System32\stapo.dll

2008-10-20 20:27 . 2007-05-06 17:12 326,656 --a------ C:\Windows\System32\drivers\stwrt.sys

2008-10-20 20:27 . 2007-05-06 17:11 326,144 --a------ C:\Windows\System32\stcplx.dll

2008-10-20 20:27 . 2007-05-06 17:10 244,736 --a------ C:\Windows\System32\stapi32.dll

2008-10-20 20:09 . 2008-10-20 22:53 <DIR> d-------- C:\Windows\System32\vmm32

2008-10-19 23:30 . 2008-10-20 22:53 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-17 21:17 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-17 21:17 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-16 22:49 . 2008-10-01 23:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-16 22:49 . 2008-10-02 01:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-16 22:43 . 2008-08-05 07:49 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-10-16 22:43 . 2008-08-05 07:49 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-10-16 22:43 . 2008-08-05 07:48 217,088 --a------ C:\Windows\System32\psisrndr.ax

2008-10-16 22:43 . 2008-08-05 07:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax

2008-10-16 22:43 . 2008-08-05 07:48 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-10-16 20:58 . 2008-10-16 20:58 <DIR> d-------- C:\Program Files\DCETools

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-15 21:29 . 2008-09-18 00:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 21:29 . 2008-08-26 23:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 21:28 . 2008-09-18 03:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 21:28 . 2008-09-18 03:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-21 13:41 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-22 14:54 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-22 14:54 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-21 00:53 --------- d-s---w C:\Users\Marcos Vinícius\AppData\Roaming\Microsoft

2008-10-21 00:53 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-21 00:53 --------- d-----w C:\Program Files\Broadcom

2008-10-20 22:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-20 22:09 --------- d-----w C:\Program Files\Dell

2008-10-20 20:39 --------- d-----w C:\ProgramData\DVD Shrink

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-19 17:42 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-17 23:17 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-17 00:50 --------- d-----w C:\Program Files\Windows Mail

2008-10-11 20:57 --------- d-----w C:\Program Files\Sony

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-13 19:30 --------- d-----w C:\Program Files\Microsoft Money 2007

2008-09-11 16:30 --------- d-----w C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-28 13:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-06-09 00:52 28,095 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

((((((((((((((((((((((((((((( snapshot_2008-10-20_23.27.10,34 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-22 14:43:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-10-22 14:43:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-10-21 00:57:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-22 14:46:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-22 14:46:35 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-10-21 00:57:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-22 14:46:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-22 14:46:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-22 14:44:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-21 00:55:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-22 14:44:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-10-22 14:44:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-10-21 01:23:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-22 14:49:41 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-22 14:49:41 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-10-21 00:57:47 14,282 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

+ 2008-10-22 14:47:26 14,334 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

- 2008-10-21 00:57:47 66,068 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-10-22 14:47:26 66,154 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-10-20 23:38:50 48,776 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-10-22 14:47:25 49,012 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

\shell\AutoRun\command - n6j6pc0.com

\shell\explore\Command - n6j6pc0.com

\shell\open\Command - n6j6pc0.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594b956a-04a4-11dd-8589-806e6f6e6963}]

\shell\AutoRun\command - E:\autoRcd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-22 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 05:33]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Marcos Vinícius\AppData\Roaming\Mozilla\Firefox\Profiles\0t7zgz86.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uol.com.br

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-22 12:54:15

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-10-22 12:56:38

ComboFix-quarantined-files.txt 2008-10-22 14:55:35

ComboFix2.txt 2008-10-21 01:28:20

ComboFix3.txt 2008-10-18 13:00:12

ComboFix4.txt 2008-10-17 23:05:49

ComboFix5.txt 2008-10-22 14:49:31

 

Pre-Run: 30,988,464,128 bytes free

Post-Run: 30,953,263,104 bytes free

 

226 --- E O F --- 2008-10-21 15:17:05

 

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03:27, on 22/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8748 bytes


Hello Marcos Vinícius, new infections caused by removable drives were found in your log. Please format your pen drive, because when you plug it into your PC again it will cause a reinfection, OK?

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

E:\autoRcd.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594b956a-04a4-11dd-8589-806e6f6e6963}]

 

This script was written only for this computer, based on the files and keys present. Do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it along with the new HijackThis log.

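An added example, not code from this thread or from ComboFix: a Python triage script that does mechanically what the helper did by hand in the post above. It parses the MountPoints2 section of a ComboFix log (the sample input below is copied from the log in this thread and embedded so the script runs offline), flags every per-volume key whose AutoRun, open or explore shell verb launches a file from the drive, and emits the File:: / Registry:: CFScript block that deletes those keys. The function names and the list of executable extensions are my own choices; the CFScript syntax is the one used in the helper's post.

```python
"""Triage ComboFix 'MountPoints2' entries and build the matching CFScript.

Added example for this thread. Explorer keeps one MountPoints2 subkey per
volume it has seen; a USB worm drops an autorun.inf that makes the AutoRun,
open and explore shell verbs launch a file on the stick, and ComboFix prints
those verbs under the key. This script finds them in a ComboFix log and
writes the File::/Registry:: script that removes them.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the MountPoints2 lines as they appear in the
# ComboFix log posted in this thread, plus one unrelated key to show it is skipped.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]
\shell\AutoRun\command - n6j6pc0.com
\shell\explore\Command - n6j6pc0.com
\shell\open\Command - n6j6pc0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594b956a-04a4-11dd-8589-806e6f6e6963}]
\shell\AutoRun\command - E:\autoRcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
"""

# A MountPoints2 key header line: [HKEY_...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# A verb line under it: \shell\<verb>\command - <command line>
VERB_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Extensions an autorun verb on a removable drive should never launch (my list).
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


@dataclass
class MountPoint:
    key: str
    commands: dict = field(default_factory=dict)  # verb (lower-case) -> command line


def parse_mountpoints(log_text: str) -> list:
    """Return every MountPoints2 key in the log together with its shell verb commands."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # any registry key header ends the previous block
            m = KEY_RE.match(line)
            current = MountPoint(m.group(1)) if m else None
            if current is not None:
                entries.append(current)
            continue
        if current is not None:
            v = VERB_RE.match(line)
            if v:
                current.commands[v.group(1).lower()] = v.group(2).strip()
    return entries


def launch_target(cmd: str) -> str:
    """The program a verb command line launches: the quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def is_suspicious(mp: MountPoint) -> bool:
    """True when any verb launches an executable: the autorun.inf worm pattern."""
    return any(launch_target(c).lower().endswith(EXEC_EXT) for c in mp.commands.values())


def cfscript(entries: list) -> str:
    """Build the CFScript text: File:: for absolute targets, Registry:: to drop the keys."""
    bad = [mp for mp in entries if is_suspicious(mp)]
    # Only drive-letter paths can go under File::; a bare name like 'n6j6pc0.com'
    # is relative to the volume root and has to be cleaned on the drive itself.
    files = sorted({launch_target(c) for mp in bad for c in mp.commands.values()
                    if re.match(r"^[A-Za-z]:\\", launch_target(c))})
    out = []
    if files:
        out.append("File::")
        out.extend(files)
    out.append("Registry::")
    out.extend(f"[-{mp.key}]" for mp in bad)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp in found:
        flag = "SUSPICIOUS" if is_suspicious(mp) else "ok"
        print(f"{flag:10} {mp.key}")
        for verb, cmd in mp.commands.items():
            print(f"           {verb}: {cmd}")
    print()
    print(cfscript(found))
```

Run as-is it prints both keys from the thread as SUSPICIOUS and the same two `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` deletions the helper wrote, preceded by `File::` / `E:\autoRcd.exe`. A verb that points at an executable on the volume is what makes the stick and the host reinfect each other: Explorer replays the stored command when the drive is opened, so deleting the key on the PC and wiping the file on the drive both have to happen, which is why the helper asked for the pen drive to be formatted as well.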
"new infections caused by removable drives were found in your log"

 

That is complicated... my wife brings work home on this pen drive. I formatted it, but when she plugs it into her work computer, won't it catch the virus again? Is there any antivirus that catches this kind of infection? I use Avira, which I had read came first in a list of antivirus reviews, but apparently it isn't all that.

 

COMBOFIX LOG

 

ComboFix 08-10-16.08 - Marcos Vinícius 2008-10-22 23:16:56.5 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2803 [GMT -2:00]

Running from: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

Command switches used :: C:\Users\Marcos Vinícius\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

E:\autoRcd.exe

.

 

(((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))

.

 

2008-10-20 20:28 . 2007-05-10 17:20 4,952,064 --a------ C:\Windows\System32\stacgui.cpl

2008-10-20 20:28 . 2007-04-10 18:02 1,601,536 --a------ C:\Windows\System32\stlang.dll

2008-10-20 20:28 . 2007-05-06 17:11 144,896 --a------ C:\Windows\System32\staco.dll

2008-10-20 20:28 . 2007-05-06 17:11 94,208 --a------ C:\Windows\System32\stacsv.exe

2008-10-20 20:27 . 2008-10-20 20:27 <DIR> d-------- C:\Program Files\SigmaTel(15)

2008-10-20 20:27 . 2008-10-20 22:53 <DIR> d-------- C:\Program Files\SigmaTel

2008-10-20 20:27 . 2007-05-06 17:11 587,776 --a------ C:\Windows\System32\stapo.dll

2008-10-20 20:27 . 2007-05-06 17:12 326,656 --a------ C:\Windows\System32\drivers\stwrt.sys

2008-10-20 20:27 . 2007-05-06 17:11 326,144 --a------ C:\Windows\System32\stcplx.dll

2008-10-20 20:27 . 2007-05-06 17:10 244,736 --a------ C:\Windows\System32\stapi32.dll

2008-10-20 20:09 . 2008-10-20 22:53 <DIR> d-------- C:\Windows\System32\vmm32

2008-10-19 23:30 . 2008-10-20 22:53 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-17 21:17 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-17 21:17 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-16 22:49 . 2008-10-01 23:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-16 22:49 . 2008-10-02 01:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-16 22:43 . 2008-08-05 07:49 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-10-16 22:43 . 2008-08-05 07:49 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-10-16 22:43 . 2008-08-05 07:48 217,088 --a------ C:\Windows\System32\psisrndr.ax

2008-10-16 22:43 . 2008-08-05 07:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax

2008-10-16 22:43 . 2008-08-05 07:48 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-10-16 20:58 . 2008-10-16 20:58 <DIR> d-------- C:\Program Files\DCETools

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-15 21:29 . 2008-09-18 00:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 21:29 . 2008-08-26 23:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 21:28 . 2008-09-18 03:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 21:28 . 2008-09-18 03:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-22 13:03 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 01:20 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-23 01:20 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-21 00:53 --------- d-s---w C:\Users\Marcos Vinícius\AppData\Roaming\Microsoft

2008-10-21 00:53 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-21 00:53 --------- d-----w C:\Program Files\Broadcom

2008-10-20 22:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-20 22:09 --------- d-----w C:\Program Files\Dell

2008-10-20 20:39 --------- d-----w C:\ProgramData\DVD Shrink

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-19 17:42 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-17 23:17 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-17 00:50 --------- d-----w C:\Program Files\Windows Mail

2008-10-11 20:57 --------- d-----w C:\Program Files\Sony

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-13 19:30 --------- d-----w C:\Program Files\Microsoft Money 2007

2008-09-11 16:30 --------- d-----w C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-28 13:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-06-09 00:52 28,095 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

((((((((((((((((((((((((((((( snapshot_2008-10-20_23.27.10,34 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-23 00:44:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-10-23 00:44:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-10-21 00:57:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-23 00:45:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-23 00:45:53 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-10-21 00:57:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-23 00:45:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-23 00:45:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-23 00:59:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-21 00:55:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-23 00:59:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-10-23 00:59:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-10-21 01:23:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-23 01:16:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-23 01:16:37 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-10-21 01:03:23 190,922 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-10-23 00:54:25 204,428 ----a-w C:\Windows\System32\perfc009.dat

- 2008-10-21 01:03:23 475,368 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-10-23 00:54:25 489,450 ----a-w C:\Windows\System32\perfh009.dat

- 2008-10-21 01:03:23 121,888 ----a-w C:\Windows\System32\prfc0416.dat

+ 2008-10-23 00:54:25 121,888 ----a-w C:\Windows\System32\prfc0416.dat

- 2008-10-21 01:03:23 634,202 ----a-w C:\Windows\System32\prfh0416.dat

+ 2008-10-23 00:54:25 634,202 ----a-w C:\Windows\System32\prfh0416.dat

- 2008-10-21 00:57:47 14,282 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

+ 2008-10-23 00:46:20 14,370 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

- 2008-10-21 00:57:47 66,068 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-10-23 00:46:20 66,154 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-10-20 23:38:50 48,776 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-10-23 00:46:19 49,052 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

S3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

S3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-22 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 05:33]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-22 23:20:08

Windows 6.0.6001 Service Pack 1 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-10-22 23:22:34

ComboFix-quarantined-files.txt 2008-10-23 01:21:30

ComboFix2.txt 2008-10-22 14:56:39

ComboFix3.txt 2008-10-21 01:28:20

ComboFix4.txt 2008-10-18 13:00:12

ComboFix5.txt 2008-10-23 01:15:58

 

Pre-Run: 30,201,257,984 bytes free

Post-Run: 30,514,216,960 bytes free

 

226 --- E O F --- 2008-10-21 15:17:05

 

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:25:41, on 22/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8770 bytes

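The HijackThis log above is read by eye in this thread. As an added example (not part of the original posts and not HijackThis code), the Python below automates two of the checks a helper performs on such a log: O2 BHO entries whose file is gone ("(no file)", the two orphaned CLSIDs in the log) and O4 Run values that launch a bare file name instead of a full path (the [PMX Daemon] ICO.EXE entry), which Windows resolves through its search order and which is therefore worth verifying on disk before calling the log clean. The sample lines are copied from the log above; the regexes and the flagging rules are this example's own assumptions, not HijackThis's.

```python
"""Triage helpers for a HijackThis v2 log.  Added example for this thread,
not HijackThis code; the parsing and flagging rules are this example's own."""
import re
from typing import Dict, List

# Sample lines copied verbatim from the HijackThis log posted above
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
"""

# Line shapes used by HijackThis for BHOs and Run values (example's own regexes)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_HOSTS = ("rundll32.exe", "rundll32")


def launched_target(cmd: str) -> str:
    """File a Run value really executes: the quoted path if there is one, else
    the first token, and for a rundll32 host the DLL that follows it (the
    ',EntryPoint' suffix is dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() in RUNDLL_HOSTS and rest:
        return rest.strip().strip('"').split(",", 1)[0]
    return head


def is_bare_name(target: str) -> bool:
    """No directory component at all: Windows looks the name up through its
    search order, so whichever file of that name is found first gets run."""
    return "\\" not in target and "/" not in target


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious O2/O4 line, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            if m["path"].strip() == "(no file)":
                findings.append({"kind": "O2", "name": m["name"], "target": m["clsid"],
                                 "reason": "orphaned BHO: CLSID registered but file missing"})
            continue
        m = O4_RE.match(line)
        if m:
            target = launched_target(m["cmd"])
            if is_bare_name(target):
                findings.append({"kind": "O4", "name": m["name"], "target": target,
                                 "reason": "Run value launches a bare file name, verify on disk"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] {f['target']}: {f['reason']}")
```

Run on the sample it reports the two orphaned BHOs and the ICO.EXE entry; the quoted Avira path, the rundll32-hosted NVIDIA DLL and the %windir% path are all left alone. A bare-name finding is a review item, not a verdict: ICO.EXE here sits in C:\Windows\System32 (the ComboFix section lists it), which is what the on-disk check confirms.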
This is complicated... my wife brings work home on that pen drive. I formatted it, but when she plugs it into her work computer, won't it catch the virus again? Is there any antivirus that catches this kind of infection? I use Avira, which I had read was first in a list of antivirus reviews, but apparently it isn't all that.

 

If her work computer is infected, the answer is yes. But I have a tutorial that can help you

 

http://www.linhadefensiva.org/forum/index....mp;#entry364811

 

Otherwise, your log is clean :)

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

Update Java.

Older versions have vulnerabilities that some malware can use to infect your system.

• Download the latest version of Java Runtime Environment (JRE) 6u7.
• Look for where it says "Java Runtime Environment (JRE) 6update7".
• Click the Download button.
• Check the option that says Accept License Agreement.
• The page will refresh.
• Click the Windows Offline Installation download link and save it to your desktop. (The file is around 70 MB)
• Close any running programs, especially browsers.
• Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
Examples of old versions
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
• Select any item named Java Runtime Environment (JRE or J2SE).
• Click the Remove or Change/Remove button.
• Repeat as many times as needed to remove each version of Java.
• Restart your computer once all versions of Java have been removed.
• Now go to your desktop and double-click jre-6u7-windows-i586-p.exe to install the newest version.

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Selected Issues

 

- Disable and re-enable System Restore

 

Read the article Cuidados ao navegar na net (care when browsing the web) for more information on how to avoid infections.

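The question above (will a freshly formatted pen drive pick the worm up again from an infected work PC) comes down to how these worms spread: they drop an executable on the drive, E:\autoRcd.exe in this thread, together with an autorun.inf that makes Windows run it when the drive is inserted or opened. As an added example, not part of the original posts and not code from any tool used in the thread, the Python below parses an autorun.inf tolerantly and reports what it would launch and whether those files are actually present on the drive. The autorun.inf content and the drive layout are constructed for the example (only the file name autoRcd.exe comes from the CFScript entry above), and the parsing rules are this example's own assumptions.

```python
"""Parse a pen drive's autorun.inf the way a USB worm of this era abused it,
and list every command Windows would launch.  Added example for this thread;
the autorun.inf text and drive layout below are constructed, not taken from
the infected drive (the thread only names the dropped file, E:\\autoRcd.exe)."""
import os
import re
import tempfile
from typing import Dict, List

# Keys whose value is executed, directly or via the drive's Explorer context menu
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant INI parse: worms pad the file with junk lines, NUL bytes and
    mixed case, so only key=value lines inside [autorun] are kept, keys lower-cased."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\x00")
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: Dict[str, str]) -> List[str]:
    """Commands Windows would run: 'open', 'shellexecute' and every
    shell\\<verb>\\command.  Hooking the Open/Explore verbs is what makes the
    payload run when the drive is double-clicked, not only via AutoPlay."""
    return sorted({v for k, v in entries.items() if LAUNCH_KEYS.match(k)})


def scan_drive_root(root: str) -> Dict[str, object]:
    """Inspect a mounted drive root: is there an autorun.inf, what would it
    launch, and which of those files really sit next to it on the drive."""
    inf_path = os.path.join(root, "autorun.inf")
    result: Dict[str, object] = {"has_autorun": False, "targets": [], "present": []}
    if not os.path.isfile(inf_path):
        return result
    with open(inf_path, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    targets = launch_targets(entries)
    result["has_autorun"] = True
    result["targets"] = targets
    for cmd in targets:
        exe = cmd.split()[0].strip('"')          # first token is the launched file
        if os.path.isfile(os.path.join(root, exe)):
            result["present"].append(exe)       # type: ignore[union-attr]
    return result


# Constructed sample (hypothetical content; only the name autoRcd.exe is from the thread)
SAMPLE_AUTORUN = """\
[AutoRun]
;junk line of the kind worms insert to confuse naive parsers
open=autoRcd.exe
shellexecute=autoRcd.exe
shell\\open\\Command=autoRcd.exe
shell\\explore\\Command=autoRcd.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def build_sample_drive() -> str:
    """Create a temp directory that mimics the root of the infected pen drive."""
    root = tempfile.mkdtemp(prefix="pendrive_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "autoRcd.exe"), "wb") as fh:
        fh.write(b"MZ")                          # placeholder bytes, not a real binary
    return root


if __name__ == "__main__":
    print(scan_drive_root(build_sample_drive()))
```

On a real machine call scan_drive_root("E:\\") for the drive in question. Two points that matter for the question above: because of the shell\open\command and shell\explore\command hooks, a clean drive is reinfected the moment it is opened in Explorer on an infected host, so formatting it fixes nothing until the work PC is cleaned; and AutoRun can be turned off for every drive type on a Windows machine by setting the REG_DWORD value NoDriveTypeAutoRun to 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, which stops the insertion-time launch but not a payload started by double-clicking the drive.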

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
