
Archived

This topic is archived and closed to new replies.

Fábio Luis

[Solved!] PC does not show hidden folders


Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:30:43, on 20/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.bancoreal.com.br

O15 - Trusted Zone: *.banrisul.com.br

O15 - Trusted Zone: *.bb.com.br

O15 - Trusted Zone: *.bradesco.com.br

O15 - Trusted Zone: *.caixa.gov.br

O15 - Trusted Zone: *.hsbc.com.br

O15 - Trusted Zone: *.itau.com.br

O15 - Trusted Zone: *.realsecureweb.com.br

O15 - Trusted Zone: *.santanderbanespa.com.br

O15 - Trusted Zone: *.unibanco.com.br

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4251 bytes

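The log above is the raw HijackThis output the helpers read by eye. The script below is an added example for this thread, not a tool any of the posters used: it parses the entry lines into records and applies a few review rules that match what was acted on later in the thread (a per-user Run entry for an unknown binary in system32, a BHO and a service whose file is gone, and the Trusted Zone list). The sample lines are copied from the log above; the `KNOWN_HKCU_SYSTEM32` allowlist and the rule names are my own heuristics, not verdicts.

```python
"""Triage helper for HijackThis 2.x logs. Added example for this thread, not a
tool the posters used. It turns the entry lines into records and applies a few
review rules that match what the helpers acted on above. The sample lines are
copied from the first log in the thread; the rules are heuristics, not verdicts.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
# O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Per-user Run entries that point into %SystemRoot%\system32 are rare; ctfmon.exe
# is the one Windows itself registers there. Anything else gets a closer look.
KNOWN_HKCU_SYSTEM32 = {"ctfmon.exe"}


@dataclass
class Entry:
    kind: str
    rest: str
    hive: str = ""
    name: str = ""
    target: str = ""


def image_path(cmd):
    """Executable part of a Run command: the quoted string, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def parse_hjt(text):
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["kind"], m["rest"])
        parts = e.rest.split(" - ")
        if e.kind == "O4" and (m4 := O4_RE.match(e.rest)):
            e.hive, e.name, e.target = m4["hive"], m4["name"], m4["cmd"]
        elif e.kind == "O2":                      # BHO: name - {CLSID} - path
            e.name, e.target = parts[0].removeprefix("BHO: "), parts[-1]
        elif e.kind == "O15":                     # Trusted Zone: domain
            e.target = e.rest.removeprefix("Trusted Zone: ")
        elif e.kind == "O23":                     # Service: name - vendor - path
            e.name, e.target = parts[0].removeprefix("Service: "), parts[-1]
        entries.append(e)
    return entries


def review(entries):
    """Returns (rule, subject, detail) tuples for entries worth a second look."""
    findings = []
    for e in entries:
        if e.kind == "O4" and e.hive == "HKCU":
            image = image_path(e.target)
            exe = image.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in image.lower() and exe not in KNOWN_HKCU_SYSTEM32:
                findings.append(("hkcu-run-system32", e.name, image))
        elif e.kind == "O2" and e.target == "(no file)":
            findings.append(("bho-no-file", e.name, e.rest))
        elif e.kind == "O23" and e.target.endswith("(file missing)"):
            findings.append(("service-file-missing", e.name, e.target))
        elif e.kind == "O15":
            # A Trusted Zone entry relaxes IE's security settings for that site,
            # so every one is listed for the responder to confirm with the user.
            findings.append(("trusted-zone", e.target, e.rest))
    return findings


# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O15 - Trusted Zone: *.bb.com.br
O15 - Trusted Zone: *.itau.com.br
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    for finding in review(parse_hjt(SAMPLE_LOG)):
        print(*finding)
```

Run against the sample it reports the `kamsoft` Run entry, the nameless BHO, the missing Nero service and the two Trusted Zone domains, and stays quiet about `ctfmon.exe` and the bare `MIDIDef.exe` entry. The Trusted Zone rule is deliberately a listing, not a judgement: the helper in this thread left those entries in place.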

• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).

Close all windows and run the tool!

• At the prompt "Software disclaimer" --> click Yes!

• If you do not have the Recovery Console, accept the offer to install it!

 

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

-- Save it to the desktop renamed as: Kombo.exe

-- PS: Name it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If required, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid touching the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.


Here are the logs:

ComboFix 08-11-19.08 - Usuario 2008-11-20 22:37:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.641 [GMT -2:00]

Running from: c:\documents and settings\Usuario\Desktop\ComboFix.exe

* Created a new restore point

.

 

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\0w.com

C:\abk.bat

C:\Autorun.inf

c:\documents and settings\Usuario\Dados de aplicativos\inst.exe

C:\nq0cq.cmd

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo0.dll

c:\windows\system32\ckvo1.dll

c:\windows\system32\gasretyw0.dll

c:\windows\system32\kamsoft.exe

c:\windows\system32\Pncrt.dll

C:\yannh.cmd

E:\0w.com

E:\abk.bat

E:\Autorun.inf

E:\nq0cq.cmd

E:\xih9.cmd

E:\yannh.cmd

 

.

((((((((((((((((   Files Created from 2008-10-21 to 2008-11-21   ))))))))))))))))))))))))))))

.

 

2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban

2008-11-20 18:25 . 2008-11-20 18:30 <DIR> d-------- C:\Hijack

2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe

2008-11-20 14:34 . 2008-01-24 16:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys

2008-11-20 14:34 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe

2008-11-20 14:34 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll

2008-11-20 14:34 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav

2008-11-20 14:34 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2008-11-20 14:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl

2008-11-20 14:32 . 2008-11-20 14:32 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-20 14:32 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-11-20 14:32 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe

2008-11-20 13:33 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a------ c:\windows\system32\drivers\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a--c--- c:\windows\system32\dllcache\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a------ c:\windows\system32\drivers\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a--c--- c:\windows\system32\dllcache\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a------ c:\windows\system32\drivers\cwcos.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a--c--- c:\windows\system32\dllcache\cwcosnt5.sys

2008-11-20 08:40 . 2008-11-20 22:36 <DIR> dr-h----- c:\documents and settings\Usuario\Recent

2008-11-12 19:38 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 19:31 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 19:37 . 2000-05-22 06:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2008-11-11 19:37 . 1999-10-10 23:00 41,984 --------- c:\windows\Ctregrun.exe

2008-11-11 19:26 . 2002-09-06 09:54 10,194 --------- c:\windows\system32\PFMODNT.SYS

2008-11-11 12:31 . 2008-11-14 11:43 99,381 -r-hs---- C:\lky.exe

2008-11-10 22:51 . 2008-11-10 22:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-10 22:48 . 2008-11-10 22:48 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-10 18:54 . 2008-11-10 18:54 <DIR> d-------- c:\arquivos de programas\Managed DirectX (0901)

2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com

2008-11-09 17:42 . 2008-11-09 17:42 <DIR> d-------- C:\LinhaDefensiva

2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\arquivos de programas\Lavalys

2008-11-08 15:05 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd

2008-11-08 14:56 . 2008-11-09 13:32 11 --a------ c:\windows\SBWIN.INI

2008-11-08 14:51 . 2008-11-08 14:51 <DIR> d-------- c:\windows\system32\Data

2008-11-08 14:51 . 2004-03-29 00:11 67,428 -ra------ c:\windows\system32\LudaP17.ini

2008-11-08 14:51 . 2003-12-22 22:44 24,576 --a------ c:\windows\INRES.DLL

2008-11-08 14:51 . 2003-03-04 06:29 29 -ra------ c:\windows\system32\ctzapxx.ini

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a------ c:\windows\system32\drivers\es1371mp.sys

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys

2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com

2008-11-06 18:46 . 2008-11-06 18:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nullsoft

2008-10-27 00:50 . 2008-10-27 00:50 <DIR> d-------- c:\arquivos de programas\ElcomSoft

2008-10-25 19:15 . 2008-10-25 19:15 <DIR> d-------- C:\PenClean

2008-10-25 19:05 . 2008-10-25 19:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-24 11:43 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-24 01:04 . 2008-10-24 01:04 <DIR> d-------- c:\documents and settings\Usuario\Dados de aplicativos\IObit

2008-10-24 00:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

 

.

(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-20 17:18 --------- d-----w c:\arquivos de programas\VIA

2008-11-20 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-19 21:31 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2008-11-12 21:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-11 21:27 --------- d-----w c:\arquivos de programas\Creative

2008-10-25 15:26 --------- d-----w c:\arquivos de programas\eMule

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 02:50 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-23 21:09 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Vso

2008-10-22 18:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 20:41 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Image Zone Express

2008-10-16 22:25 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Creative

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 15:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-10-12 14:24 --------- d-----w c:\arquivos de programas\Winamp

2008-10-12 14:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-12 14:06 47,360 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\pcouffin.sys

2008-10-12 14:06 --------- d-----w c:\arquivos de programas\VSO

2008-10-12 13:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 13:04 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-10-04 04:32 --------- d-----w c:\arquivos de programas\Sillanum Soft

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 22:15 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Winamp

2008-09-29 03:02 --------- d-----w c:\arquivos de programas\Google

2008-09-27 22:47 --------- d-----w c:\arquivos de programas\LimeWire

2008-09-24 01:26 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\U3

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k(2)(2).sys

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet(3)(2).dll

2008-08-26 08:11 267,776 ----a-w c:\windows\system32\iertutil(2)(2).dll

2008-08-26 08:11 105,984 ----a-w c:\windows\system32\url(3)(2).dll

2008-08-26 08:11 1,159,680 ----a-w c:\windows\system32\urlmon(3)(2).dll

2008-02-23 01:17 180,719 ----a-w c:\arquivos de programas\bankerfix.exe

2007-12-28 04:29 821,111 ----a-w c:\arquivos de programas\InstMsi-x86w.exe

2002-08-17 23:40 430 ----a-w c:\arquivos de programas\sfxctrl.ach

2002-08-17 23:38 1,048,576 ----a-w c:\arquivos de programas\acid.msi

2002-08-17 23:34 393,216 ----a-w c:\arquivos de programas\acidSetup.exe

2002-05-28 22:50 1,708,856 ----a-w c:\arquivos de programas\InstMsi-x86a.exe

.

 

((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.TR20"= tr2032.dll

"vidc.vivo"= ivvideo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2005-02-22 09:56 1611488 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]

--a------ 2006-03-06 16:56 253952 c:\arquivos de programas\PowerColor\Real Angel 330\Remote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Schedule]

--a------ 2006-05-18 19:54 94208 c:\arquivos de programas\PowerColor\Real Angel 330\Schedule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2004-10-01 06:31 53248 c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos De Programas\\eMule\\emule.exe"=

"c:\\Arquivos De Programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos De Programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos De Programas\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:shareaza

"32459:TCP"= 32459:TCP:utorrent

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-08-13 9216]

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-12-28 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-21 20560]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-09 23152]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c4aee16-d5bb-11dc-9906-001617681a14}]

\Shell\AutoRun\command - H:\abk.bat

\Shell\explore\Command - H:\abk.bat

\Shell\open\Command - H:\abk.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02fe7e8-4c69-11dd-9aed-001617681a14}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-AudioDeck - c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe

MSConfigStartUp-InCD - c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

MSConfigStartUp-NeroFilterCheck - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-SecurDisc - c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.orkut.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: *.bancoreal.com.br

Trusted Zone: *.banrisul.com.br

Trusted Zone: *.bb.com.br

Trusted Zone: *.bradesco.com.br

Trusted Zone: *.caixa.gov.br

Trusted Zone: *.hsbc.com.br

Trusted Zone: *.itau.com.br

Trusted Zone: *.realsecureweb.com.br

Trusted Zone: *.santanderbanespa.com.br

Trusted Zone: *.unibanco.com.br

TCP: {C18E4E31-D277-45B4-B890-5D2D453C80EA} = 200.204.0.10,200.204.0.138

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx

O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}

hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

c:\windows\Downloaded Program Files\CTSUEng.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-20 22:39:09

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

Completion time: 2008-11-20 22:40:36

ComboFix-quarantined-files.txt 2008-11-21 00:40:06

 

Pre-Run: 21 folder(s) 24,004,018,176 bytes free

Post-Run: 21 folder(s) 24,136,183,808 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

269 --- E O F --- 2008-11-14 00:11:34

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:45:25, on 20/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.bancoreal.com.br

O15 - Trusted Zone: *.banrisul.com.br

O15 - Trusted Zone: *.bb.com.br

O15 - Trusted Zone: *.bradesco.com.br

O15 - Trusted Zone: *.caixa.gov.br

O15 - Trusted Zone: *.hsbc.com.br

O15 - Trusted Zone: *.itau.com.br

O15 - Trusted Zone: *.realsecureweb.com.br

O15 - Trusted Zone: *.santanderbanespa.com.br

O15 - Trusted Zone: *.unibanco.com.br

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4416 bytes

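Two things in the ComboFix log above drive the rest of the thread: the files listed with the `-r-hs----` attribute pair (read-only, hidden, system) in the drive root and in system32, and the per-user MountPoints2 keys whose `\Shell\AutoRun\command` points at `H:\abk.bat`. Files marked hidden+system stay invisible in Explorer even with "show hidden files" turned on unless "show protected operating system files" is also enabled, which is why a user with that symptom cannot see them. The script below is an added example for this thread, not a tool the posters used: it pulls both kinds of row out of a ComboFix log. The sample lines are copied from the log above; the `suspicious_location()` rule (drive root or system32) is my own heuristic, not something ComboFix reports.

```python
"""Pull the review-worthy items out of a ComboFix log. Added example for this
thread, not a tool the posters used. It extracts the two things the helpers acted
on above: files created with the hidden+system attribute pair (the -r-hs---- rows),
which Explorer keeps invisible even with "show hidden files" turned on unless
"show protected operating system files" is also on, and the per-user MountPoints2
shell-verb commands that run a file from a removable drive when it is opened.
The sample lines are copied from the first ComboFix log in the thread; the
suspicious_location() rule (drive root or system32) is my heuristic, not ComboFix's.
"""
import re
import sys

# "Files Created" rows: created . modified size attrs path   (attrs is 9 flags,
# positions 0..5 = directory, read-only, archive, hidden, system, dllcache copy)
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
MP_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
MP_VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)


def hidden_system_files(log):
    """(path, last-modified, size) for every non-directory row flagged hidden+system."""
    rows = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        attrs = m["attrs"]
        if attrs[3] == "h" and attrs[4] == "s":
            rows.append((m["path"], m["modified"], int(m["size"].replace(",", ""))))
    return rows


def suspicious_location(path):
    """True for a file sitting directly in a drive root or in system32."""
    parent = path.lower().rsplit("\\", 1)[0]
    return re.fullmatch(r"[a-z]:", parent) is not None or parent.endswith("\\windows\\system32")


def mountpoint_hijacks(log):
    """(guid, verb, command) for each MountPoints2 Shell\\<verb>\\command entry."""
    hits, guid = [], None
    for line in log.splitlines():
        line = line.strip()
        if (m := MP_KEY_RE.match(line)):
            guid = m["guid"]
        elif line.startswith("["):          # any other key header ends the block
            guid = None
        elif guid and (m := MP_VERB_RE.match(line)):
            hits.append((guid, m["verb"].lower(), m["cmd"]))
    return hits


# Lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban
2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2008-11-20 08:40 . 2008-11-20 22:36 <DIR> dr-h----- c:\documents and settings\Usuario\Recent
2008-11-11 12:31 . 2008-11-14 11:43 99,381 -r-hs---- C:\lky.exe
2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com
2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com
2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c4aee16-d5bb-11dc-9906-001617681a14}]
\Shell\AutoRun\command - H:\abk.bat
\Shell\explore\Command - H:\abk.bat
\Shell\open\Command - H:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02fe7e8-4c69-11dd-9aed-001617681a14}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for path, modified, size in hidden_system_files(text):
        flag = "ROOT/SYSTEM32" if suspicious_location(path) else ""
        print(f"hidden+system {size:>8} {modified} {path} {flag}")
    for guid, verb, cmd in mountpoint_hijacks(text):
        print(f"mountpoints2 {guid} {verb}: {cmd}")
```

On the sample it lists `C:\lky.exe`, `gasretyw1.dll`, `C:\whi.com` and `C:\sq.com`, all in the root or system32, and both MountPoints2 entries. Note that only `lky.exe` and the two keys were put in the CFScript later in the thread; the other three hidden+system files still appear in the follow-up log, so a responder running this would want to ask about them. Find3M rows use a different layout and are ignored.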

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

C:\lky.exe

H:\abk.bat

F:\LaunchU3.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c4aee16-d5bb-11dc-9906-001617681a14}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02fe7e8-4c69-11dd-9aed-001617681a14}]

 

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

(image: cfscript.gif)

 

ComboFix will run and restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

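The CFScript above removes the dropped file and the two MountPoints2 keys, but no post in this thread looks at the setting behind the symptom in the title: the registry values that wire Explorer's "Show hidden files and folders" option. The script below is an added example for this thread, not a tool the posters used. The thread never shows these values, so which of them (if any) was altered on this machine is unknown; they are simply where a responder looks first for that symptom, and the `CheckedValue` entries are a common target of autorun worms of the kind that left the `-r-hs----` files above. The decision logic is pure Python and runs anywhere on a constructed snapshot; only `read_live()` and `repair_live()` use `winreg` and need Windows, and writing under HKLM needs an administrator account.

```python
"""Audit, and optionally repair, the registry values behind Explorer's "Show hidden
files and folders" option. Added example for this thread, not a tool the posters
used. The thread never shows these values, so which of them was changed on the
poster's machine is unknown; they are simply where a responder looks first for the
symptom in the title, and the CheckedValue entries are a common target of the
autorun worms that leave -r-hs---- files in drive roots. The decision logic is pure
Python so it can be exercised on a constructed snapshot; only read_live() and
repair_live() touch the registry and need Windows (HKLM writes need admin rights).
"""
import sys

REG_SZ, REG_DWORD = 1, 4   # winreg's numbering, spelled out to keep audit() portable

HIDDEN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden"
ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# Folder Options copies CheckedValue of the chosen radio button into
# HKCU\...\Advanced\Hidden. If either is missing, not a DWORD, or holds the wrong
# number, "Show hidden files" is accepted by the dialog but never takes effect.
WIRING = {
    ("HKLM", HIDDEN + r"\SHOWALL", "CheckedValue"): 1,
    ("HKLM", HIDDEN + r"\NOHIDDEN", "CheckedValue"): 2,
}
# Per-user state: Hidden 1 = show hidden files, 2 = do not; ShowSuperHidden 1 =
# also show files marked system+hidden, which "-r-hs----" in ComboFix's listing means.
STATE = {
    ("HKCU", ADVANCED, "Hidden"): 1,
    ("HKCU", ADVANCED, "ShowSuperHidden"): 1,
}
# Policy value that removes Folder Options from Explorer's menus entirely.
NO_FOLDER_OPTIONS = ("HKCU", POLICIES, "NoFolderOptions")
ALL_LOCATIONS = list(WIRING) + list(STATE) + [NO_FOLDER_OPTIONS]


def audit(snapshot):
    """snapshot: {(hive, subkey, name): (data, kind) or None}. Returns
    (severity, location, message) tuples; severity is 'tampered' or 'state'."""
    findings = []
    for loc, want in WIRING.items():
        got = snapshot.get(loc)
        if got is None:
            findings.append(("tampered", loc, "CheckedValue missing"))
        elif got != (want, REG_DWORD):
            findings.append(("tampered", loc, f"expected {want} REG_DWORD, found {got[0]!r} kind {got[1]}"))
    got = snapshot.get(NO_FOLDER_OPTIONS)
    if got is not None and got[0] == 1:
        findings.append(("tampered", NO_FOLDER_OPTIONS, "Folder Options removed by policy"))
    for loc, want in STATE.items():
        got = snapshot.get(loc)
        if got is None or got[0] != want:
            findings.append(("state", loc, f"{loc[2]} is {None if got is None else got[0]}; {want} shows the files"))
    return findings


def _hive(name):
    import winreg
    return {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[name]


def read_live():
    """Snapshot of every audited location from the running system (Windows only)."""
    import winreg
    snapshot = {}
    for loc in ALL_LOCATIONS:
        hive, subkey, name = loc
        try:
            with winreg.OpenKey(_hive(hive), subkey) as key:
                data, kind = winreg.QueryValueEx(key, name)
            snapshot[loc] = (data, kind)
        except OSError:          # key or value absent
            snapshot[loc] = None
    return snapshot


def repair_live(findings):
    """Rewrites tampered wiring as REG_DWORD, deletes NoFolderOptions, and sets the
    per-user state so hidden and system files are displayed."""
    import winreg
    for _, loc, _ in findings:
        hive, subkey, name = loc
        with winreg.CreateKeyEx(_hive(hive), subkey, 0, winreg.KEY_SET_VALUE) as key:
            if loc == NO_FOLDER_OPTIONS:
                winreg.DeleteValue(key, name)
            else:
                winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, WIRING.get(loc, STATE.get(loc)))


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("the live audit needs Windows; audit() itself is portable")
    found = audit(read_live())
    for severity, loc, message in found:
        print(severity, "\\".join(loc), "-", message)
    if "--fix" in sys.argv:
        repair_live(found)
```

Run without arguments it only reports; `--fix` rewrites what it found. The split between "tampered" (the HKLM wiring and the policy, which have exactly one correct state) and "state" (the user's own preference, which merely has to be set to see the files) matters when reading the output: a wrong type on `CheckedValue`, such as a `REG_SZ` "0" where a `REG_DWORD` 1 belongs, is the classic sign that something other than Folder Options wrote it.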

ComboFix 08-11-19.08 - Usuario 2008-11-21 18:18:50.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.629 [GMT -2:00]

Running from: c:\documents and settings\Usuario\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Usuario\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

C:\lky.exe

F:\LaunchU3.exe

H:\abk.bat

.

 

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\lky.exe

 

.

((((((((((((((((   Files Created from 2008-10-21 to 2008-11-21   ))))))))))))))))))))))))))))

.

 

2008-11-21 00:01 . 2008-11-21 00:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\comodo

2008-11-21 00:01 . 2008-11-21 00:00 143,096 --a------ c:\windows\system32\guard32.dll

2008-11-21 00:01 . 2008-11-21 00:00 99,216 --a------ c:\windows\system32\drivers\cmdguard.sys

2008-11-21 00:01 . 2008-11-21 00:00 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys

2008-11-21 00:00 . 2008-11-21 00:00 <DIR> d-------- c:\arquivos de programas\COMODO

2008-11-20 23:52 . 2008-11-20 23:53 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban

2008-11-20 18:25 . 2008-11-20 22:45 <DIR> d-------- C:\Hijack

2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe

2008-11-20 14:34 . 2008-01-24 16:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys

2008-11-20 14:34 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe

2008-11-20 14:34 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll

2008-11-20 14:34 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav

2008-11-20 14:34 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2008-11-20 14:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl

2008-11-20 14:32 . 2008-11-20 14:32 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-20 14:32 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-11-20 14:32 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe

2008-11-20 13:33 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a------ c:\windows\system32\drivers\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a--c--- c:\windows\system32\dllcache\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a------ c:\windows\system32\drivers\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a--c--- c:\windows\system32\dllcache\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a------ c:\windows\system32\drivers\cwcos.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a--c--- c:\windows\system32\dllcache\cwcosnt5.sys

2008-11-20 08:40 . 2008-11-21 18:16 <DIR> dr-h----- c:\documents and settings\Usuario\Recent

2008-11-12 19:38 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 19:31 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 19:37 . 2000-05-22 06:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2008-11-11 19:37 . 1999-10-10 23:00 41,984 --------- c:\windows\Ctregrun.exe

2008-11-11 19:26 . 2002-09-06 09:54 10,194 --------- c:\windows\system32\PFMODNT.SYS

2008-11-10 22:51 . 2008-11-10 22:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-10 22:48 . 2008-11-10 22:48 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-10 18:54 . 2008-11-10 18:54 <DIR> d-------- c:\arquivos de programas\Managed DirectX (0901)

2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com

2008-11-09 17:42 . 2008-11-09 17:42 <DIR> d-------- C:\LinhaDefensiva

2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\arquivos de programas\Lavalys

2008-11-08 15:05 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd

2008-11-08 14:56 . 2008-11-09 13:32 11 --a------ c:\windows\SBWIN.INI

2008-11-08 14:51 . 2008-11-08 14:51 <DIR> d-------- c:\windows\system32\Data

2008-11-08 14:51 . 2004-03-29 00:11 67,428 -ra------ c:\windows\system32\LudaP17.ini

2008-11-08 14:51 . 2003-12-22 22:44 24,576 --a------ c:\windows\INRES.DLL

2008-11-08 14:51 . 2003-03-04 06:29 29 -ra------ c:\windows\system32\ctzapxx.ini

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a------ c:\windows\system32\drivers\es1371mp.sys

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys

2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com

2008-11-06 18:46 . 2008-11-06 18:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nullsoft

2008-10-27 00:50 . 2008-10-27 00:50 <DIR> d-------- c:\arquivos de programas\ElcomSoft

2008-10-25 19:15 . 2008-10-25 19:15 <DIR> d-------- C:\PenClean

2008-10-25 19:05 . 2008-10-25 19:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-24 11:43 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-24 01:04 . 2008-10-24 01:04 <DIR> d-------- c:\documents and settings\Usuario\Dados de aplicativos\IObit

2008-10-24 00:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-21 02:22 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2008-11-21 01:53 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-20 17:18 --------- d-----w c:\arquivos de programas\VIA

2008-11-20 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-12 21:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-11 21:27 --------- d-----w c:\arquivos de programas\Creative

2008-10-25 15:26 --------- d-----w c:\arquivos de programas\eMule

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 02:50 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-23 21:09 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Vso

2008-10-22 18:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 20:41 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Image Zone Express

2008-10-16 22:25 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Creative

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 15:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-10-12 14:24 --------- d-----w c:\arquivos de programas\Winamp

2008-10-12 14:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-12 14:06 47,360 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\pcouffin.sys

2008-10-12 14:06 --------- d-----w c:\arquivos de programas\VSO

2008-10-12 13:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 13:04 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-10-04 04:32 --------- d-----w c:\arquivos de programas\Sillanum Soft

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 22:15 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Winamp

2008-09-29 03:02 --------- d-----w c:\arquivos de programas\Google

2008-09-27 22:47 --------- d-----w c:\arquivos de programas\LimeWire

2008-09-24 01:26 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\U3

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k(2)(2).sys

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet(3)(2).dll

2008-08-26 08:11 267,776 ----a-w c:\windows\system32\iertutil(2)(2).dll

2008-08-26 08:11 105,984 ----a-w c:\windows\system32\url(3)(2).dll

2008-08-26 08:11 1,159,680 ----a-w c:\windows\system32\urlmon(3)(2).dll

2008-02-23 01:17 180,719 ----a-w c:\arquivos de programas\bankerfix.exe

2007-12-28 04:29 821,111 ----a-w c:\arquivos de programas\InstMsi-x86w.exe

2002-08-17 23:40 430 ----a-w c:\arquivos de programas\sfxctrl.ach

2002-08-17 23:38 1,048,576 ----a-w c:\arquivos de programas\acid.msi

2002-08-17 23:34 393,216 ----a-w c:\arquivos de programas\acidSetup.exe

2002-05-28 22:50 1,708,856 ----a-w c:\arquivos de programas\InstMsi-x86a.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-20_22.39.34,21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-21 02:00:58 79,504 ----a-w c:\windows\system32\drivers\inspect.sys

+ 2008-11-21 20:11:15 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_4a0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2008-11-21 1796856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.TR20"= tr2032.dll

"vidc.vivo"= ivvideo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2005-02-22 09:56 1611488 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]

--a------ 2006-03-06 16:56 253952 c:\arquivos de programas\PowerColor\Real Angel 330\Remote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Schedule]

--a------ 2006-05-18 19:54 94208 c:\arquivos de programas\PowerColor\Real Angel 330\Schedule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2004-10-01 06:31 53248 c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos De Programas\\eMule\\emule.exe"=

"c:\\Arquivos De Programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos De Programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos De Programas\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:shareaza

"32459:TCP"= 32459:TCP:utorrent

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-08-13 9216]

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-12-28 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 78416]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-21 99216]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-21 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-21 20560]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-09 23152]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 18:20:40

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: c:\windows\system32\winlogon.exe

-> c:\windows\system32\guard32.dll

 

PROCESSOS: c:\windows\system32\lsass.exe

-> c:\windows\system32\guard32.dll

.

Tempo para conclusão: 2008-11-21 18:22:07

ComboFix-quarantined-files.txt 2008-11-21 20:21:58

ComboFix2.txt 2008-11-21 00:40:37

 

Pré-execução: 21 pasta(s) 23.892.811.776 bytes disponíveis

Pós execução: 21 pasta(s) 23,925,620,736 bytes disponíveis

 

239 --- E O F --- 2008-11-14 00:11:34

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:25:34, on 21/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijack\HiJackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.bancoreal.com.br

O15 - Trusted Zone: *.banrisul.com.br

O15 - Trusted Zone: *.bb.com.br

O15 - Trusted Zone: *.bradesco.com.br

O15 - Trusted Zone: *.caixa.gov.br

O15 - Trusted Zone: *.hsbc.com.br

O15 - Trusted Zone: *.itau.com.br

O15 - Trusted Zone: *.realsecureweb.com.br

O15 - Trusted Zone: *.santanderbanespa.com.br

O15 - Trusted Zone: *.unibanco.com.br

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5031 bytes


Download the tool by clicking the link below:

http://www.linhadefensiva.org/dl/bankerfix

 

• Double-click bankerfix.exe

• Click on the BankerFix window and press any key. BankerFix does the rest by itself.

 

- When the program finishes running, post the log, which is located in C:\LinhaDefensiva


Hello friend, I ran bankerfix as you asked and at the end there was a message: no problem found on your computer

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2008-11-22 - 11:50

-------------------------------------------------------

Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2

=======================================================

 

 

 

----- Fim -------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:29, on 22/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.bancoreal.com.br

O15 - Trusted Zone: *.banrisul.com.br

O15 - Trusted Zone: *.bb.com.br

O15 - Trusted Zone: *.bradesco.com.br

O15 - Trusted Zone: *.caixa.gov.br

O15 - Trusted Zone: *.hsbc.com.br

O15 - Trusted Zone: *.itau.com.br

O15 - Trusted Zone: *.realsecureweb.com.br

O15 - Trusted Zone: *.santanderbanespa.com.br

O15 - Trusted Zone: *.unibanco.com.br

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4878 bytes


1 - Run HijackThis!

2 - Click Do a system scan only.

 

- Check the entries listed below and, once they are all selected, click Fix Checked.

 

O15 - Trusted Zone: *.bancoreal.com.br

 

O15 - Trusted Zone: *.banrisul.com.br

 

O15 - Trusted Zone: *.bb.com.br

 

O15 - Trusted Zone: *.bradesco.com.br

 

O15 - Trusted Zone: *.caixa.gov.br

 

O15 - Trusted Zone: *.hsbc.com.br

 

O15 - Trusted Zone: *.itau.com.br

 

O15 - Trusted Zone: *.realsecureweb.com.br

 

O15 - Trusted Zone: *.santanderbanespa.com.br

 

O15 - Trusted Zone: *.unibanco.com.br


Hello friend, I did the procedure you asked for, but the PC still doesn't show hidden folders and files:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:08:16, on 22/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos De Programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4784 bytes

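What the helper is doing with the successive HijackThis logs in this thread is a diff: once the O15 Trusted Zone entries are gone, the two new HKCU Run entries (`[kava]` and `[tava]` pointing into system32) are the only lines that changed. The script below is an added example, not code from the thread, from HijackThis or from Linha Defensiva; the two sample logs are constructed from lines in the format the thread shows, and the function names are my own.

```python
"""Diff two HijackThis logs and pull out the entries a helper reviews.

Added example; the sample logs are constructed from the HijackThis line
format seen in the thread (trimmed to a handful of entries each).
"""
import re

# Constructed: trimmed 'before' log, still carrying the O15 Trusted Zone entries
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.bb.com.br
O15 - Trusted Zone: *.itau.com.br
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

# Constructed: trimmed 'after' log, O15 entries fixed, two new HKCU Run entries
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

# "O4 - <body>", "R1 - <body>", "O23 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Body of an O4 line: HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_entries(log):
    """Return (section, body) pairs for every HijackThis entry line in `log`."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def trusted_zones(log):
    """Domains the log shows in Internet Explorer's Trusted Zone (O15 entries)."""
    prefix = "Trusted Zone: "
    return [body[len(prefix):] for sec, body in parse_entries(log)
            if sec == "O15" and body.startswith(prefix)]


def run_entries(log):
    """(hive, value name, command) for every O4 Run entry in the log."""
    found = []
    for sec, body in parse_entries(log):
        if sec != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            found.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return found


def diff_logs(before, after):
    """Entries that appear only in `after` (added) and only in `before` (removed).

    Ordering within a log is ignored: HijackThis lists entries by section, so a
    set difference is the right comparison between two scans of the same box.
    """
    old = set(parse_entries(before))
    new = set(parse_entries(after))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Trusted Zone before fix:", trusted_zones(LOG_BEFORE))
    for sec, body in removed:
        print("gone:", sec, "-", body)
    for sec, body in added:
        print("NEW :", sec, "-", body)
```

Running it on the two constructed logs reports the two O15 lines as gone and the two `HKCU\..\Run` entries as new, which is exactly the change between the 11:52 and 13:08 scans posted above. Feeding it the full logs from the thread works the same way, since every HijackThis entry line starts with a section code followed by " - ".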

Hello, please format your pen drive, MP3 player, cell phone and digital camera, because every time you connect them to your PC there will be a reinfection.

 

• Run combofix again


Hello friend, I've already formatted the pen drive, and now it's showing hidden folders:

 

ComboFix 08-11-19.08 - Usuario 2008-11-23 22:44:38.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.627 [GMT -2:00]

Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\u6k.cmd

c:\windows\system32\kavo.exe

c:\windows\system32\kavo0.dll

c:\windows\system32\kavo1.dll

c:\windows\system32\tavo.exe

c:\windows\system32\tavo0.dll

c:\windows\system32\tavo1.dll

E:\Autorun.inf

E:\u6k.cmd

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

 

2008-11-22 13:39 . 2008-11-23 18:36 <DIR> dr-h----- c:\documents and settings\Usuario\Recent

2008-11-21 00:01 . 2008-11-21 00:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\comodo

2008-11-21 00:01 . 2008-11-21 00:00 143,096 --a------ c:\windows\system32\guard32.dll

2008-11-21 00:01 . 2008-11-21 00:00 99,216 --a------ c:\windows\system32\drivers\cmdguard.sys

2008-11-21 00:01 . 2008-11-21 00:00 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys

2008-11-21 00:00 . 2008-11-21 00:00 <DIR> d-------- c:\arquivos de programas\COMODO

2008-11-20 23:52 . 2008-11-20 23:53 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban

2008-11-20 18:25 . 2008-11-22 13:07 <DIR> d-------- C:\Hijack

2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe

2008-11-20 14:34 . 2008-01-24 16:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys

2008-11-20 14:34 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe

2008-11-20 14:34 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll

2008-11-20 14:34 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav

2008-11-20 14:34 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2008-11-20 14:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl

2008-11-20 14:32 . 2008-11-20 14:32 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-20 14:32 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-11-20 14:32 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe

2008-11-20 13:33 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a------ c:\windows\system32\drivers\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a--c--- c:\windows\system32\dllcache\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a------ c:\windows\system32\drivers\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a--c--- c:\windows\system32\dllcache\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a------ c:\windows\system32\drivers\cwcos.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a--c--- c:\windows\system32\dllcache\cwcosnt5.sys

2008-11-12 19:38 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 19:31 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 19:37 . 2000-05-22 06:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2008-11-11 19:37 . 1999-10-10 23:00 41,984 --------- c:\windows\Ctregrun.exe

2008-11-11 19:26 . 2002-09-06 09:54 10,194 --------- c:\windows\system32\PFMODNT.SYS

2008-11-10 22:51 . 2008-11-10 22:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-10 22:48 . 2008-11-10 22:48 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-10 18:54 . 2008-11-10 18:54 <DIR> d-------- c:\arquivos de programas\Managed DirectX (0901)

2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com

2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\arquivos de programas\Lavalys

2008-11-08 15:05 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd

2008-11-08 14:56 . 2008-11-09 13:32 11 --a------ c:\windows\SBWIN.INI

2008-11-08 14:51 . 2008-11-08 14:51 <DIR> d-------- c:\windows\system32\Data

2008-11-08 14:51 . 2004-03-29 00:11 67,428 -ra------ c:\windows\system32\LudaP17.ini

2008-11-08 14:51 . 2003-12-22 22:44 24,576 --a------ c:\windows\INRES.DLL

2008-11-08 14:51 . 2003-03-04 06:29 29 -ra------ c:\windows\system32\ctzapxx.ini

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a------ c:\windows\system32\drivers\es1371mp.sys

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys

2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com

2008-11-06 18:46 . 2008-11-06 18:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nullsoft

2008-10-27 00:50 . 2008-10-27 00:50 <DIR> d-------- c:\arquivos de programas\ElcomSoft

2008-10-25 19:05 . 2008-10-25 19:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-24 11:43 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-24 01:04 . 2008-10-24 01:04 <DIR> d-------- c:\documents and settings\Usuario\Dados de aplicativos\IObit

2008-10-24 00:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-23 15:32 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2008-11-22 20:02 --------- d-----w c:\arquivos de programas\eMule

2008-11-22 15:39 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-22 15:03 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\U3

2008-11-20 17:18 --------- d-----w c:\arquivos de programas\VIA

2008-11-20 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-12 21:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-11 21:27 --------- d-----w c:\arquivos de programas\Creative

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 02:50 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-23 21:09 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Vso

2008-10-22 18:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 20:41 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Image Zone Express

2008-10-16 22:25 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Creative

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 15:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-10-12 14:24 --------- d-----w c:\arquivos de programas\Winamp

2008-10-12 14:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-12 14:06 47,360 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\pcouffin.sys

2008-10-12 14:06 --------- d-----w c:\arquivos de programas\VSO

2008-10-12 13:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 13:04 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-10-04 04:32 --------- d-----w c:\arquivos de programas\Sillanum Soft

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 22:15 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Winamp

2008-09-29 03:02 --------- d-----w c:\arquivos de programas\Google

2008-09-27 22:47 --------- d-----w c:\arquivos de programas\LimeWire

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k(2)(2).sys

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet(3)(2).dll

2008-08-26 08:11 267,776 ----a-w c:\windows\system32\iertutil(2)(2).dll

2008-08-26 08:11 105,984 ----a-w c:\windows\system32\url(3)(2).dll

2008-08-26 08:11 1,159,680 ----a-w c:\windows\system32\urlmon(3)(2).dll

2008-02-23 01:17 180,719 ----a-w c:\arquivos de programas\bankerfix.exe

2007-12-28 04:29 821,111 ----a-w c:\arquivos de programas\InstMsi-x86w.exe

2002-08-17 23:40 430 ----a-w c:\arquivos de programas\sfxctrl.ach

2002-08-17 23:38 1,048,576 ----a-w c:\arquivos de programas\acid.msi

2002-08-17 23:34 393,216 ----a-w c:\arquivos de programas\acidSetup.exe

2002-05-28 22:50 1,708,856 ----a-w c:\arquivos de programas\InstMsi-x86a.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-20_22.39.34,21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-21 02:00:58 79,504 ----a-w c:\windows\system32\drivers\inspect.sys

+ 2008-11-24 00:33:03 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_52c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2008-11-21 1796856]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.TR20"= tr2032.dll

"vidc.vivo"= ivvideo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2005-02-22 09:56 1611488 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]

--a------ 2006-03-06 16:56 253952 c:\arquivos de programas\PowerColor\Real Angel 330\Remote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Schedule]

--a------ 2006-05-18 19:54 94208 c:\arquivos de programas\PowerColor\Real Angel 330\Schedule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2004-10-01 06:31 53248 c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos De Programas\\eMule\\emule.exe"=

"c:\\Arquivos De Programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos De Programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos De Programas\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:shareaza

"32459:TCP"= 32459:TCP:utorrent

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-08-13 9216]

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-12-28 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 78416]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-21 99216]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-21 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-21 20560]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-09 23152]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02fe7e8-4c69-11dd-9aed-001617681a14}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {C18E4E31-D277-45B4-B890-5D2D453C80EA} = 200.204.0.10,200.204.0.138

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx

O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}

hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

c:\windows\Downloaded Program Files\CTSUEng.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-23 22:46:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: c:\windows\system32\winlogon.exe

-> c:\windows\system32\guard32.dll

 

PROCESSOS: c:\windows\system32\lsass.exe

-> c:\windows\system32\guard32.dll

.

Tempo para conclusão: 2008-11-23 22:48:41

ComboFix-quarantined-files.txt 2008-11-24 00:48:31

ComboFix2.txt 2008-11-21 20:22:09

ComboFix3.txt 2008-11-21 00:40:37

 

Pré-execução: 19 pasta(s) 23.792.730.112 bytes disponíveis

Pós execução: 19 pasta(s) 23,821,586,432 bytes disponíveis

 

256 --- E O F --- 2008-11-14 00:11:34

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:58:01, on 23/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4710 bytes


I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

F:\LaunchU3.exe -a

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c02fe7e8-4c69-11dd-9aed-001617681a14}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown below.

[image: cfscript.gif]

ComboFix will run and will automatically restart the PC to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated, located at C:\ComboFix.txt.

Post it together with a new HijackThis log.


ComboFix 08-11-19.08 - Usuario 2008-11-24 18:29:09.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.632 [GMT -2:00]

Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

F:\LaunchU3.exe -a

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

 

2008-11-23 22:54 . 2008-11-24 18:22 <DIR> dr-h----- c:\documents and settings\Usuario\Recent

2008-11-21 00:01 . 2008-11-21 00:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\comodo

2008-11-21 00:01 . 2008-11-21 00:00 143,096 --a------ c:\windows\system32\guard32.dll

2008-11-21 00:01 . 2008-11-21 00:00 99,216 --a------ c:\windows\system32\drivers\cmdguard.sys

2008-11-21 00:01 . 2008-11-21 00:00 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys

2008-11-21 00:00 . 2008-11-21 00:00 <DIR> d-------- c:\arquivos de programas\COMODO

2008-11-20 23:52 . 2008-11-20 23:53 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban

2008-11-20 18:25 . 2008-11-23 22:57 <DIR> d-------- C:\Hijack

2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe

2008-11-20 14:34 . 2008-01-24 16:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys

2008-11-20 14:34 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe

2008-11-20 14:34 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll

2008-11-20 14:34 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav

2008-11-20 14:34 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2008-11-20 14:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl

2008-11-20 14:32 . 2008-11-20 14:32 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-20 14:32 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-11-20 14:32 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe

2008-11-20 13:33 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a------ c:\windows\system32\drivers\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a--c--- c:\windows\system32\dllcache\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a------ c:\windows\system32\drivers\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a--c--- c:\windows\system32\dllcache\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a------ c:\windows\system32\drivers\cwcos.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a--c--- c:\windows\system32\dllcache\cwcosnt5.sys

2008-11-12 19:38 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 19:31 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 19:37 . 2000-05-22 06:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2008-11-11 19:37 . 1999-10-10 23:00 41,984 --------- c:\windows\Ctregrun.exe

2008-11-11 19:26 . 2002-09-06 09:54 10,194 --------- c:\windows\system32\PFMODNT.SYS

2008-11-10 22:51 . 2008-11-10 22:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-10 22:48 . 2008-11-10 22:48 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-10 18:54 . 2008-11-10 18:54 <DIR> d-------- c:\arquivos de programas\Managed DirectX (0901)

2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com

2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\arquivos de programas\Lavalys

2008-11-08 15:05 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd

2008-11-08 14:56 . 2008-11-09 13:32 11 --a------ c:\windows\SBWIN.INI

2008-11-08 14:51 . 2008-11-08 14:51 <DIR> d-------- c:\windows\system32\Data

2008-11-08 14:51 . 2004-03-29 00:11 67,428 -ra------ c:\windows\system32\LudaP17.ini

2008-11-08 14:51 . 2003-12-22 22:44 24,576 --a------ c:\windows\INRES.DLL

2008-11-08 14:51 . 2003-03-04 06:29 29 -ra------ c:\windows\system32\ctzapxx.ini

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a------ c:\windows\system32\drivers\es1371mp.sys

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys

2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com

2008-11-06 18:46 . 2008-11-06 18:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nullsoft

2008-10-27 00:50 . 2008-10-27 00:50 <DIR> d-------- c:\arquivos de programas\ElcomSoft

2008-10-25 19:05 . 2008-10-25 19:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-24 11:43 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-24 01:04 . 2008-10-24 01:04 <DIR> d-------- c:\documents and settings\Usuario\Dados de aplicativos\IObit

2008-10-24 00:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-23 15:32 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2008-11-22 20:02 --------- d-----w c:\arquivos de programas\eMule

2008-11-22 15:39 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-22 15:03 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\U3

2008-11-20 17:18 --------- d-----w c:\arquivos de programas\VIA

2008-11-20 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-12 21:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-11 21:27 --------- d-----w c:\arquivos de programas\Creative

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 02:50 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-23 21:09 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Vso

2008-10-22 18:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 20:41 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Image Zone Express

2008-10-16 22:25 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Creative

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-12 15:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-10-12 14:24 --------- d-----w c:\arquivos de programas\Winamp

2008-10-12 14:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-12 14:06 47,360 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\pcouffin.sys

2008-10-12 14:06 --------- d-----w c:\arquivos de programas\VSO

2008-10-12 13:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 13:04 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-10-04 04:32 --------- d-----w c:\arquivos de programas\Sillanum Soft

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 22:15 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Winamp

2008-09-29 03:02 --------- d-----w c:\arquivos de programas\Google

2008-09-27 22:47 --------- d-----w c:\arquivos de programas\LimeWire

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k(2)(2).sys

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet(3)(2).dll

2008-08-26 08:11 267,776 ----a-w c:\windows\system32\iertutil(2)(2).dll

2008-08-26 08:11 105,984 ----a-w c:\windows\system32\url(3)(2).dll

2008-08-26 08:11 1,159,680 ----a-w c:\windows\system32\urlmon(3)(2).dll

2008-02-23 01:17 180,719 ----a-w c:\arquivos de programas\bankerfix.exe

2007-12-28 04:29 821,111 ----a-w c:\arquivos de programas\InstMsi-x86w.exe

2002-08-17 23:40 430 ----a-w c:\arquivos de programas\sfxctrl.ach

2002-08-17 23:38 1,048,576 ----a-w c:\arquivos de programas\acid.msi

2002-08-17 23:34 393,216 ----a-w c:\arquivos de programas\acidSetup.exe

2002-05-28 22:50 1,708,856 ----a-w c:\arquivos de programas\InstMsi-x86a.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-20_22.39.34,21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-21 02:00:58 79,504 ----a-w c:\windows\system32\drivers\inspect.sys

+ 2008-11-24 20:12:53 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_490.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2008-11-21 1796856]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.TR20"= tr2032.dll

"vidc.vivo"= ivvideo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2005-02-22 09:56 1611488 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]

--a------ 2006-03-06 16:56 253952 c:\arquivos de programas\PowerColor\Real Angel 330\Remote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Schedule]

--a------ 2006-05-18 19:54 94208 c:\arquivos de programas\PowerColor\Real Angel 330\Schedule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2004-10-01 06:31 53248 c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos De Programas\\eMule\\emule.exe"=

"c:\\Arquivos De Programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos De Programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos De Programas\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:shareaza

"32459:TCP"= 32459:TCP:utorrent

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-08-13 9216]

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-12-28 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 78416]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-21 99216]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-21 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-21 20560]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-09 23152]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 18:30:53

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\docume~1\Usuario\CONFIG~1\Temp\RGI4.tmp 7139 bytes

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: c:\windows\system32\winlogon.exe

-> c:\windows\system32\guard32.dll

 

PROCESSOS: c:\windows\system32\lsass.exe

-> c:\windows\system32\guard32.dll

.

Tempo para conclusão: 2008-11-24 18:32:38

ComboFix-quarantined-files.txt 2008-11-24 20:32:20

ComboFix2.txt 2008-11-24 00:48:43

ComboFix3.txt 2008-11-21 20:22:09

ComboFix4.txt 2008-11-21 00:40:37

 

Pré-execução: 19 pasta(s) 23.885.262.848 bytes disponíveis

Pós execução: 19 pasta(s) 23,886,974,976 bytes disponíveis

 

234 --- E O F --- 2008-11-14 00:11:34

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:36:35, on 24/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4710 bytes


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

Rootkit::

c:\docume~1\Usuario\CONFIG~1\Temp\RGI4.tmp

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


ComboFix 08-11-19.08 - Usuario 2008-11-24 20:21:00.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.589 [GMT -2:00]

Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

 

2008-11-24 18:34 . 2008-11-24 20:19 <DIR> dr-h----- c:\documents and settings\Usuario\Recent

2008-11-21 00:01 . 2008-11-21 00:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\comodo

2008-11-21 00:01 . 2008-11-21 00:00 143,096 --a------ c:\windows\system32\guard32.dll

2008-11-21 00:01 . 2008-11-21 00:00 99,216 --a------ c:\windows\system32\drivers\cmdguard.sys

2008-11-21 00:01 . 2008-11-21 00:00 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys

2008-11-21 00:00 . 2008-11-21 00:00 <DIR> d-------- c:\arquivos de programas\COMODO

2008-11-20 23:52 . 2008-11-20 23:53 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-20 19:40 . 2008-11-20 19:40 <DIR> d-------- c:\arquivos de programas\Orban

2008-11-20 18:25 . 2008-11-24 18:36 <DIR> d-------- C:\Hijack

2008-11-20 14:34 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe

2008-11-20 14:34 . 2008-01-24 16:36 4,127,488 -ra------ c:\windows\system32\drivers\alcxwdm.sys

2008-11-20 14:34 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe

2008-11-20 14:34 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll

2008-11-20 14:34 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav

2008-11-20 14:34 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2008-11-20 14:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl

2008-11-20 14:32 . 2008-11-20 14:32 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-20 14:32 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-11-20 14:32 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe

2008-11-20 13:33 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a------ c:\windows\system32\drivers\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 111,872 --a--c--- c:\windows\system32\dllcache\cwcspud.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a------ c:\windows\system32\drivers\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 93,952 --a--c--- c:\windows\system32\dllcache\cwcwdm.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a------ c:\windows\system32\drivers\cwcos.sys

2008-11-20 11:00 . 2001-08-17 20:19 3,584 --a--c--- c:\windows\system32\dllcache\cwcosnt5.sys

2008-11-12 19:38 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 19:31 . 2008-09-04 15:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-11 19:37 . 2000-05-22 06:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2008-11-11 19:37 . 1999-10-10 23:00 41,984 --------- c:\windows\Ctregrun.exe

2008-11-11 19:26 . 2002-09-06 09:54 10,194 --------- c:\windows\system32\PFMODNT.SYS

2008-11-10 22:51 . 2008-11-10 22:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-10 22:48 . 2008-11-10 22:48 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-10 18:54 . 2008-11-10 18:54 <DIR> d-------- c:\arquivos de programas\Managed DirectX (0901)

2008-11-10 11:40 . 2008-11-20 09:55 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-09 22:19 . 2008-11-10 11:40 108,271 -r-hs---- C:\whi.com

2008-11-09 15:35 . 2008-11-09 15:35 <DIR> d-------- c:\arquivos de programas\Lavalys

2008-11-08 15:05 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd

2008-11-08 14:56 . 2008-11-09 13:32 11 --a------ c:\windows\SBWIN.INI

2008-11-08 14:51 . 2008-11-08 14:51 <DIR> d-------- c:\windows\system32\Data

2008-11-08 14:51 . 2004-03-29 00:11 67,428 -ra------ c:\windows\system32\LudaP17.ini

2008-11-08 14:51 . 2003-12-22 22:44 24,576 --a------ c:\windows\INRES.DLL

2008-11-08 14:51 . 2003-03-04 06:29 29 -ra------ c:\windows\system32\ctzapxx.ini

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a------ c:\windows\system32\drivers\es1371mp.sys

2008-11-08 09:14 . 2002-06-03 11:18 40,832 --a--c--- c:\windows\system32\dllcache\es1371mp.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a------ c:\windows\system32\drivers\gameenum.sys

2008-11-08 09:14 . 2008-04-13 15:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys

2008-11-07 11:42 . 2008-11-08 14:21 108,973 -r-hs---- C:\sq.com

2008-11-06 18:46 . 2008-11-06 18:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nullsoft

2008-10-27 00:50 . 2008-10-27 00:50 <DIR> d-------- c:\arquivos de programas\ElcomSoft

2008-10-25 19:05 . 2008-10-25 19:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-24 11:43 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-24 01:04 . 2008-10-24 01:04 <DIR> d-------- c:\documents and settings\Usuario\Dados de aplicativos\IObit

2008-10-24 00:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 21:46 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\LimeWire

2008-11-22 20:02 --------- d-----w c:\arquivos de programas\eMule

2008-11-22 15:39 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-22 15:03 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\U3

2008-11-20 17:18 --------- d-----w c:\arquivos de programas\VIA

2008-11-20 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-12 21:32 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-11 21:27 --------- d-----w c:\arquivos de programas\Creative

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 02:50 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-23 21:09 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Vso

2008-10-22 18:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 20:41 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Image Zone Express

2008-10-16 22:25 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Creative

2008-10-12 15:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-10-12 14:24 --------- d-----w c:\arquivos de programas\Winamp

2008-10-12 14:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-12 14:06 47,360 ----a-w c:\documents and settings\Usuario\Dados de aplicativos\pcouffin.sys

2008-10-12 14:06 --------- d-----w c:\arquivos de programas\VSO

2008-10-12 13:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-12 13:04 --------- d-----w c:\arquivos de programas\DVD Shrink

2008-10-04 04:32 --------- d-----w c:\arquivos de programas\Sillanum Soft

2008-09-29 22:15 --------- d-----w c:\documents and settings\Usuario\Dados de aplicativos\Winamp

2008-09-29 03:02 --------- d-----w c:\arquivos de programas\Google

2008-09-27 22:47 --------- d-----w c:\arquivos de programas\LimeWire

2008-02-23 01:17 180,719 ----a-w c:\arquivos de programas\bankerfix.exe

2007-12-28 04:29 821,111 ----a-w c:\arquivos de programas\InstMsi-x86w.exe

2002-08-17 23:40 430 ----a-w c:\arquivos de programas\sfxctrl.ach

2002-08-17 23:38 1,048,576 ----a-w c:\arquivos de programas\acid.msi

2002-08-17 23:34 393,216 ----a-w c:\arquivos de programas\acidSetup.exe

2002-05-28 22:50 1,708,856 ----a-w c:\arquivos de programas\InstMsi-x86a.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-20_22.39.34,21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-21 02:00:58 79,504 ----a-w c:\windows\system32\drivers\inspect.sys

+ 2008-11-24 22:23:58 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_498.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2008-11-21 1796856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.VDOM"= vdowave.drv

"VIDC.TR20"= tr2032.dll

"vidc.vivo"= ivvideo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2005-02-22 09:56 1611488 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]

--a------ 2006-03-06 16:56 253952 c:\arquivos de programas\PowerColor\Real Angel 330\Remote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Schedule]

--a------ 2006-05-18 19:54 94208 c:\arquivos de programas\PowerColor\Real Angel 330\Schedule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2004-10-01 06:31 53248 c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos De Programas\\eMule\\emule.exe"=

"c:\\Arquivos De Programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos De Programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos De Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos De Programas\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Google\\Google Talk\\googletalk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos De Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:*:Disabled:shareaza

"32459:TCP"= 32459:TCP:utorrent

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-08-13 9216]

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-12-28 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-21 78416]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-21 99216]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-21 31504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-21 20560]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-11-09 23152]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 20:24:27

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-24 20:29:06 - Máquina reiniciou [usuario]

ComboFix-quarantined-files.txt 2008-11-24 22:28:59

ComboFix2.txt 2008-11-24 20:32:40

ComboFix3.txt 2008-11-24 00:48:43

ComboFix4.txt 2008-11-21 20:22:09

ComboFix5.txt 2008-11-24 22:19:12

 

Pré-execução: 19 pasta(s) 23.814.377.472 bytes disponíveis

Pós execução: 19 pasta(s) 23,830,507,520 bytes disponíveis

 

219 --- E O F --- 2008-11-14 00:11:34

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:30:53, on 24/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos De Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos De Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos De Programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C18E4E31-D277-45B4-B890-5D2D453C80EA}: NameServer = 200.204.0.10,200.204.0.138

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos De Programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 4537 bytes


Ok, the log is clean :)

 

• Any problems?


All ok now!! :grin: Is it necessary to disable and re-enable System Restore? Thank you very much in advance for your help, it was extremely valuable!

All ok now!! :grin: Is it necessary to disable and re-enable System Restore? Thank you very much in advance for your help, it was extremely valuable!

 

Yes, it is advisable in your case

 

:)


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
