
muhrninho

[Resolved!] Log for evaluation


Good evening,

Today I noticed that automatic updates are disabled on my machine and I can't turn them back on; on top of that, every now and then I hear an error sound without any window appearing.

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:08, on 29-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Sports Interactive\Football Manager 2008\fm.exe
C:\Programas\FM Modifier 2.2\FMM2.2.exe
C:\Programas\COMODO\Firewall\cfpupdat.exe
C:\WINDOWS\system32\rundll32.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221737038748
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.171 62.169.67.172
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll enptpa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

--
End of file - 6178 bytes


Good morning, muhrninho!

<@> Download: < ComboFix.exe >

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after you have saved it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter.

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" --> Enter.

----------------------

<@> When it finishes, post the report: C:\ComboFix.txt

Regards!


Good morning, and thank you for the prompt reply.

Below is the requested log:

 

ComboFix 08-11-30.01 - mi_ 2008-12-01 10:57:22.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.2070.18.1528 [GMT 0:00]
Executando de: c:\documents and settings\mi_\Ambiente de trabalho\ComboFix.exe
 * Criado um novo ponto de restauro
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\mi_\Application Data\inst.exe
c:\windows\system32\bbdsefcc.dll
c:\windows\system32\dkxcxnqk.dll
c:\windows\system32\enhfiswq.ini
c:\windows\system32\enptpa.dll
c:\windows\system32\kqnxcxkd.ini
c:\windows\system32\mpdhypxd.dll_old
c:\windows\system32\nnnNhfDV.dll
c:\windows\system32\offvlqux.ini
c:\windows\system32\rqRIyWmN.dll
c:\windows\system32\VDfhNnnn.ini
c:\windows\system32\VDfhNnnn.ini2
c:\windows\system32\vtUolMgf.dll
c:\windows\system32\yilvtyxx.dll
c:\windows\system32\yzgpye.dll
c:\windows\Tasks\cbpjnkcn.job

----- BITS: Sites possivelmente infetados -----

hxxp://childhe.com
.
((((((((((((((((   Arquivos/Ficheiros criados de 2008-11-01 to 2008-12-01  ))))))))))))))))))))))))))))
.
2008-11-29 22:48 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\TS Software
2008-11-29 18:23 . 2008-11-29 18:23	<DIR>	d--------	c:\programas\EA SPORTS
2008-11-26 19:19 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\Saints & Sinners Bowling(2)
2008-11-26 19:16 . 2008-11-26 19:16	<DIR>	d--------	c:\programas\ReflexiveArcade
2008-11-26 12:02 . 2008-11-26 12:02	<DIR>	d--------	c:\programas\GamesBar
2008-11-23 12:45 . 2008-11-23 12:45	<DIR>	d--------	c:\documents and settings\mi_\Application Data\PlayFirst
2008-11-23 12:45 . 2008-11-23 12:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-22 19:38 . 2008-11-22 19:38	4,096	--a------	c:\windows\d3dx.dat
2008-11-22 11:56 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\Oberon Media
2008-11-22 11:56 . 2008-11-22 11:56	<DIR>	d--------	c:\programas\Ficheiros comuns\Oberon Media
2008-11-22 11:56 . 2008-11-22 11:56	192,512	--a------	c:\windows\off-road-uninst.exe
2008-11-12 18:37 . 2008-11-29 01:01	<DIR>	d--------	c:\programas\Premium Booster
2008-11-12 18:31 . 2008-11-12 18:34	<DIR>	d--------	C:\vcs5BGEffects
2008-11-12 16:21 . 2008-09-04 17:16	1,106,944	--a------	c:\windows\system32\SETD3.tmp
2008-11-12 16:21 . 2008-09-04 17:16	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:21 . 2008-10-24 11:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:30 . 2008-11-11 18:31	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Nokia
2008-11-11 18:26 . 2008-04-13 19:45	26,112	--a------	c:\windows\system32\drivers\usbser.sys
2008-11-11 18:26 . 2008-04-13 19:45	26,112	--a--c---	c:\windows\system32\dllcache\usbser.sys
2008-11-11 18:26 . 2008-11-11 18:26	0	--ah-----	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-11 18:26 . 2008-11-11 18:26	0	--ah-----	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-11 18:25 . 2008-03-21 13:57	14,640	---------	c:\windows\system32\spmsgXP_2k3.dll
2008-11-11 14:56 . 2008-09-15 08:29	1,112,288	--a------	c:\windows\system32\wdfcoinstaller01007.dll
2008-11-11 14:56 . 2008-09-15 08:56	659,968	--a------	c:\windows\system32\nmwcdcocls.dll
2008-11-11 14:56 . 2008-09-15 08:56	22,016	--a------	c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 14:56 . 2008-09-15 08:56	17,664	--a------	c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 14:56 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 14:56 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-11 14:55 . 2008-11-11 14:55	<DIR>	d--------	c:\programas\MSXML 6.0
2008-11-11 14:55 . 2008-02-01 16:17	138,112	--a------	c:\windows\system32\drivers\nmwcdnsu.sys
2008-11-11 14:55 . 2008-02-01 16:17	8,320	--a------	c:\windows\system32\drivers\nmwcdnsuc.sys
2008-11-11 14:53 . 2008-11-11 14:53	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Installations
2008-11-09 17:13 . 2008-11-09 17:13	<DIR>	d--------	c:\documents and settings\mi_\Application Data\Carnival Software
2008-11-07 13:03 . 2008-11-07 13:03	<DIR>	d--------	c:\programas\Bethesda Softworks
2008-11-07 13:03 . 2008-11-07 13:04	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Fallout3
2008-11-07 12:59 . 2008-11-07 12:59	<DIR>	d--------	c:\windows\system32\XPSViewer
2008-11-07 12:59 . 2008-11-07 12:59	<DIR>	d--------	c:\programas\Reference Assemblies
2008-11-07 12:58 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2008-11-07 12:56 . 2008-11-07 12:56	<DIR>	d--------	c:\windows\system32\xlive
2008-11-03 20:56 . 2008-11-03 20:56	143,104	--a------	c:\windows\system32\guard32.dll
2008-11-03 20:56 . 2008-11-03 20:56	87,056	--a------	c:\windows\system32\drivers\cmdguard.sys
2008-11-03 20:56 . 2008-11-03 20:56	24,208	--a------	c:\windows\system32\drivers\cmdhlp.sys
2008-11-03 10:45 . 2008-11-03 20:48	6,297	--a------	c:\windows\E220AutoRunLog.tmp
2008-11-01 18:43 . 2008-11-01 18:43	<DIR>	d--------	c:\documents and settings\All Users\Application Data\vsosdk
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 10:55	---------	d-----w	c:\programas\Kanguru
2008-11-29 22:47	---------	d-----w	c:\programas\Spybot - Search & Destroy
2008-11-29 22:47	---------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 20:23	---------	d-----w	c:\programas\ScanSpyware v3.8
2008-11-26 19:06	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 12:01	---------	d-----w	c:\documents and settings\mi_\Application Data\Vso
2008-11-18 13:06	---------	d-----w	c:\programas\eMule
2008-11-11 14:55	---------	d-----w	c:\programas\Nokia
2008-11-11 14:54	---------	d-----w	c:\programas\Ficheiros comuns\Nokia
2008-11-07 13:04	---------	d--h--w	c:\programas\InstallShield Installation Information
2008-11-07 13:01	---------	d-----w	c:\programas\MSBuild
2008-11-03 22:41	---------	d-----w	c:\programas\SystemRequirementsLab
2008-11-03 21:27	---------	d-----w	c:\documents and settings\All Users\Application Data\comodo
2008-11-03 20:56	---------	d-----w	c:\programas\COMODO
2008-11-03 20:56	---------	d-----w	c:\documents and settings\mi_\Application Data\Comodo
2008-11-03 20:32	---------	d-----w	c:\programas\SpywareBlaster
2008-11-03 20:31	---------	d-----w	c:\programas\SUPERAntiSpyware
2008-11-03 20:31	---------	d-----w	c:\documents and settings\mi_\Application Data\SUPERAntiSpyware.com
2008-10-28 12:30	---------	d-----w	c:\programas\FM Modifier 2.2
2008-10-27 09:27	---------	d-----w	c:\documents and settings\mi_\Application Data\Sports Interactive
2008-10-27 09:25	107,888	----a-w	c:\windows\system32\CmdLineExt.dll
2008-10-27 09:25	---------	d--h--w	c:\programas\Zero G Registry
2008-10-27 09:25	---------	d--h--r	c:\documents and settings\mi_\Application Data\SecuROM
2008-10-27 09:23	---------	d-----w	c:\programas\Sports Interactive
2008-10-27 09:20	---------	d-----w	c:\programas\DAEMON Tools Lite
2008-10-27 09:14	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-10-27 09:14	---------	d-----w	c:\documents and settings\mi_\Application Data\DAEMON Tools
2008-10-27 00:04	---------	d-----w	c:\documents and settings\mi_\Application Data\Megaupload
2008-10-27 00:04	---------	d-----w	c:\documents and settings\mi_\Application Data\EmailNotifier
2008-10-27 00:04	---------	d-----w	c:\documents and settings\All Users\Application Data\Megaupload
2008-10-27 00:04	---------	d-----w	c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:01	---------	d-----w	c:\documents and settings\All Users\Application Data\2DBoy
2008-10-24 00:00	---------	d-----w	c:\programas\WorldOfGoo
2008-10-22 09:52	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2008-10-22 09:52	47,360	----a-w	c:\documents and settings\mi_\Application Data\pcouffin.sys
2008-10-22 09:51	---------	d-----w	c:\programas\VSO
2008-10-22 09:27	---------	d-----w	c:\documents and settings\All Users\Application Data\Nero
2008-10-18 14:36	---------	d-----w	c:\programas\Rockstar Games
2008-10-16 14:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 14:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 14:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 14:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 14:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 14:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 14:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 14:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-13 18:53	---------	d-----w	c:\programas\Unlocker
2008-10-11 16:59	---------	d--h--w	c:\programas\Lphant
2008-10-09 23:23	---------	d-----w	c:\programas\MSXML 4.0
2008-10-09 10:47	---------	d-----w	c:\documents and settings\mi_\Application Data\Nero
2008-10-08 23:18	---------	d-----w	c:\programas\Ficheiros comuns\Nero
2008-10-08 23:07	---------	d-----w	c:\programas\Nero
2008-10-08 23:06	---------	d-----w	c:\programas\Windows Sidebar
2008-10-07 10:40	---------	d-----w	c:\documents and settings\All Users\Application Data\WinZip
2008-10-06 22:56	---------	d-----w	c:\programas\Oak Systems
2008-10-05 12:38	---------	d-----w	c:\documents and settings\mi_\Application Data\Datalayer
2008-10-04 11:00	---------	d-----w	c:\documents and settings\mi_\Application Data\Nokia Multimedia Player
2008-10-04 10:58	---------	d-----w	c:\documents and settings\mi_\Application Data\Nokia
2008-10-04 10:03	---------	d-----w	c:\programas\Maxis
2008-09-30 16:43	1,286,152	----a-w	c:\windows\system32\msxml4.dll
2008-09-18 22:05	249,592	----a-w	c:\windows\system32\cssdll32.dll
2008-09-18 20:44	66,872	----a-w	c:\windows\system32\PnkBstrA.exe
2008-09-18 20:44	22,328	----a-w	c:\documents and settings\mi_\Application Data\PnkBstrK.sys
2008-09-18 20:44	2,337,865	----a-w	c:\windows\system32\pbsvc.exe
2008-09-18 20:44	107,832	----a-w	c:\windows\system32\PnkBstrB.exe
2008-09-18 12:16	315,392	----a-w	c:\windows\HideWin.exe
2008-09-15 15:25	1,846,528	----a-w	c:\windows\system32\win32k.sys
2008-09-15 08:56	91,136	----a-w	c:\windows\system32\nmwcdcls.dll
2008-09-10 01:15	1,307,648	------w	c:\windows\system32\msxml6.dll
2008-09-04 17:16	1,106,944	----a-w	c:\windows\system32\msxml3.dll
2006-06-24 06:48	32,768	----a-r	c:\windows\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   ))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HUAWEI E620 Data Card"="c:\programas\Kanguru\Kanguru.exe" [2006-10-06 679936]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"COMODO Firewall Pro"="c:\programas\COMODO\Firewall\cfp.exe" [2008-11-03 1655552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\mi_\Menu Iniciar\Programas\Arranque\
Stardock ObjectDock.lnk - c:\programas\Stardock\ObjectDock\ObjectDock.exe [2008-09-18 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programas\\MSN Messenger\\livecall.exe"=
"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programas\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programas\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:PORT1
"8081:TCP"= 8081:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"4799:TCP"= 4799:TCP:FD
"1288:TCP"= 1288:TCP:FD
"3232:TCP"= 3232:TCP:FD

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-10 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-18 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-03 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-03 24208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-18 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programas\NOS\bin\getPlus_HelperSvc.exe [2008-09-19 33752]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-18 36864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-11 8320]
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ff7606-a3a0-11dd-8c60-c15797a8a658}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a3fa1c-a9e8-11dd-8c6e-eb232112bcad}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc4c3ec-8570-11dd-ab38-b175dc5697dc}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f43420-a9a3-11dd-8c6a-e1ff094e4cd7}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f43421-a9a3-11dd-8c6a-e1ff094e4cd7}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{ca08fb82-61b3-4c37-8e2a-3c55802267e0} - c:\windows\system32\yzgpye.dll
BHO-{E0A7828F-907F-40B6-84A6-E935301FA449} - c:\windows\system32\nnnNhfDV.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
.
------- Scan Suplementar -------
.
FireFox -: Profile - c:\documents and settings\mi_\Application Data\Mozilla\Firefox\Profiles\suyxigjp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.newgrounds.com/
FF -: plugin - c:\documents and settings\mi_\Application Data\Mozilla\Firefox\Profiles\suyxigjp.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\programas\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 11:01:20
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Alwil Software\Avast4\aswUpdSv.exe
c:\programas\Alwil Software\Avast4\ashServ.exe
c:\programas\COMODO\Firewall\cmdagent.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programas\Alwil Software\Avast4\ashMaiSv.exe
c:\programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-12-01 11:03:07 - Máquina reiniciou
ComboFix-quarantined-files.txt  2008-12-01 11:03:04

Pré-execução: 73.642.299.392 bytes livres
Pós execução: 73,587,200,000 bytes livres

WindowsXP-KB310994-SP2-Home-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

275	--- E O F ---	2008-11-13 23:33:59


Good morning, muhrninho!

Plug your removable drive(s), if you have any, into the USB port. (pen drive, mp3, mp4, iPods, etc.)

<@> Select and copy everything in the QUOTE area into Notepad.

<@> Save it to the Desktop with the name: CFScript.txt

 

File::

E:\AutoRun.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ff7606-a3a0-11dd-8c60-c15797a8a658}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a3fa1c-a9e8-11dd-8c6e-eb232112bcad}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc4c3ec-8570-11dd-ab38-b175dc5697dc}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f43420-a9a3-11dd-8c6a-e1ff094e4cd7}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8f43421-a9a3-11dd-8c6a-e1ff094e4cd7}]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

[animated GIF showing CFScript.txt being dragged onto ComboFix; image not reproduced]

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + a fresh HijackThis log.

Regards!

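The helper's CFScript above targets three things visible in the ComboFix log: the per-volume AutoRun handlers under mountpoints2, the Security Center values that silence the update and antivirus warnings, and (already removed by the first ComboFix run) the unknown enptpa.dll loaded through AppInit_DLLs. The following Python script is an added example, not code from this thread or from HijackThis/ComboFix: it flags those three indicator classes in a pasted log and emits a CFScript in the same shape as the one posted. The AppInit allow-list and the sample log lines are constructed for the example.

```python
"""Triage a pasted HijackThis / ComboFix log for the indicators acted on in
this thread and build the matching CFScript.  Added example; the allow-list
and SAMPLE_LOG below are constructed, not taken from either tool."""
import re
from dataclasses import dataclass, field

# DLLs that legitimately register through AppInit_DLLs on this machine
# (guard32.dll belongs to COMODO Firewall, per the log's driver entries).
# Constructed allow-list; extend it for your own environment.
APPINIT_ALLOW = {"guard32.dll"}

# HijackThis "O20 - AppInit_DLLs:" line: space-separated DLL names/paths.
RE_O20 = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.M)
# ComboFix prints the mountpoints2 key, then the AutoRun command on the next line.
RE_MOUNTPOINT = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]\s*\n"
    r"\\Shell\\AutoRun\\command - (.+)$", re.M | re.I)
# Security Center *DisableNotify values in REGEDIT4 form.
RE_SECCENTER = re.compile(
    r'^"(UpdatesDisableNotify|AntiVirusDisableNotify|FirewallDisableNotify)"'
    r"=dword:([0-9a-f]{8})$", re.M)


@dataclass
class Findings:
    appinit_dlls: list = field(default_factory=list)     # DLLs not on the allow-list
    autorun_keys: dict = field(default_factory=dict)     # registry key -> command
    silenced_notify: list = field(default_factory=list)  # value names set to non-zero


def triage(log: str) -> Findings:
    """Scan one log text and collect the three indicator classes."""
    f = Findings()
    for m in RE_O20.finditer(log):
        for dll in m.group(1).split():
            name = dll.rsplit("\\", 1)[-1].lower()   # compare by file name only
            if name not in APPINIT_ALLOW:
                f.appinit_dlls.append(dll)
    for m in RE_MOUNTPOINT.finditer(log):
        f.autorun_keys[m.group(1)] = m.group(2).strip()
    for m in RE_SECCENTER.finditer(log):
        if int(m.group(2), 16) != 0:                 # 1 = notification suppressed
            f.silenced_notify.append(m.group(1))
    return f


def build_cfscript(f: Findings) -> str:
    """Emit a CFScript shaped like the one posted: delete each AutoRun target
    file, remove each mountpoints2 key, reset the Security Center flags to 0."""
    lines = []
    files = sorted(set(f.autorun_keys.values()))
    if files:
        lines.append("File::")
        lines.extend(files)
    if f.autorun_keys or f.silenced_notify:
        lines.append("Registry::")
    for key in sorted(f.autorun_keys):
        lines.append(f"[-{key}]")
    if f.silenced_notify:
        lines.append("[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]")
        for name in f.silenced_notify:
            lines.append(f'"{name}"=dword:00000000')
    return "\n".join(lines) + "\n"


# Constructed sample: a few lines in the same shape as the logs in this thread.
SAMPLE_LOG = r"""O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll enptpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ff7606-a3a0-11dd-8c60-c15797a8a658}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a3fa1c-a9e8-11dd-8c6e-eb232112bcad}]
\Shell\AutoRun\command - E:\AutoRun.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Unknown AppInit_DLLs:", found.appinit_dlls)
    print("AutoRun handlers:", len(found.autorun_keys))
    print("Silenced Security Center warnings:", found.silenced_notify)
    print(build_cfscript(found))
```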

Good morning DigRam, the requested logs follow below:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:50, on 02-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221737038748
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.172 62.169.67.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

--
End of file - 5868 bytes

 

 

ComboFix:

ComboFix 08-12-01.01 - mi_ 2008-12-02 10:35:14.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.2070.18.1466 [GMT 0:00]
Executando de: c:\documents and settings\mi_\Ambiente de trabalho\ComboFix.exe
Comandos utilizados :: c:\documents and settings\mi_\Ambiente de trabalho\CFScript.txt
 * Criado um novo ponto de restauro

FILE ::
E:\AutoRun.exe
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\i
E:\AutoRun.exe . . . . falha na exclusão
.
((((((((((((((((   Arquivos/Ficheiros criados de 2008-11-02 to 2008-12-02  ))))))))))))))))))))))))))))
.
2008-12-01 15:01 . 2008-12-01 15:01	<DIR>	d--------	c:\programas\MegaDev
2008-12-01 12:33 . 2008-12-01 21:09	<DIR>	d--------	c:\documents and settings\mi_\Application Data\temp
2008-11-29 22:48 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\TS Software
2008-11-29 18:23 . 2008-11-29 18:23	<DIR>	d--------	c:\programas\EA SPORTS
2008-11-26 19:19 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\Saints & Sinners Bowling(2)
2008-11-26 19:16 . 2008-11-26 19:16	<DIR>	d--------	c:\programas\ReflexiveArcade
2008-11-26 12:02 . 2008-11-26 12:02	<DIR>	d--------	c:\programas\GamesBar
2008-11-23 12:45 . 2008-11-23 12:45	<DIR>	d--------	c:\documents and settings\mi_\Application Data\PlayFirst
2008-11-23 12:45 . 2008-11-23 12:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-22 19:38 . 2008-11-22 19:38	4,096	--a------	c:\windows\d3dx.dat
2008-11-22 11:56 . 2008-11-29 22:48	<DIR>	d--------	c:\programas\Oberon Media
2008-11-22 11:56 . 2008-11-22 11:56	<DIR>	d--------	c:\programas\Ficheiros comuns\Oberon Media
2008-11-22 11:56 . 2008-11-22 11:56	192,512	--a------	c:\windows\off-road-uninst.exe
2008-11-12 18:37 . 2008-11-29 01:01	<DIR>	d--------	c:\programas\Premium Booster
2008-11-12 18:31 . 2008-11-12 18:34	<DIR>	d--------	C:\vcs5BGEffects
2008-11-12 16:21 . 2008-09-04 17:16	1,106,944	--a------	c:\windows\system32\SETD3.tmp
2008-11-12 16:21 . 2008-09-04 17:16	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:21 . 2008-10-24 11:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:30 . 2008-11-11 18:31	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Nokia
2008-11-11 18:26 . 2008-04-13 19:45	26,112	--a------	c:\windows\system32\drivers\usbser.sys
2008-11-11 18:26 . 2008-04-13 19:45	26,112	--a--c---	c:\windows\system32\dllcache\usbser.sys
2008-11-11 18:26 . 2008-11-11 18:26	0	--ah-----	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-11 18:26 . 2008-11-11 18:26	0	--ah-----	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-11 18:25 . 2008-03-21 13:57	14,640	---------	c:\windows\system32\spmsgXP_2k3.dll
2008-11-11 14:56 . 2008-09-15 08:29	1,112,288	--a------	c:\windows\system32\wdfcoinstaller01007.dll
2008-11-11 14:56 . 2008-09-15 08:56	659,968	--a------	c:\windows\system32\nmwcdcocls.dll
2008-11-11 14:56 . 2008-09-15 08:56	22,016	--a------	c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 14:56 . 2008-09-15 08:56	17,664	--a------	c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 14:56 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 14:56 . 2008-09-15 08:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-11 14:55 . 2008-11-11 14:55	<DIR>	d--------	c:\programas\MSXML 6.0
2008-11-11 14:55 . 2008-02-01 16:17	138,112	--a------	c:\windows\system32\drivers\nmwcdnsu.sys
2008-11-11 14:55 . 2008-02-01 16:17	8,320	--a------	c:\windows\system32\drivers\nmwcdnsuc.sys
2008-11-11 14:53 . 2008-11-11 14:53	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Installations
2008-11-09 17:13 . 2008-11-09 17:13	<DIR>	d--------	c:\documents and settings\mi_\Application Data\Carnival Software
2008-11-07 13:03 . 2008-11-07 13:03	<DIR>	d--------	c:\programas\Bethesda Softworks
2008-11-07 13:03 . 2008-11-07 13:04	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Fallout3
2008-11-07 12:59 . 2008-11-07 12:59	<DIR>	d--------	c:\windows\system32\XPSViewer
2008-11-07 12:59 . 2008-11-07 12:59	<DIR>	d--------	c:\programas\Reference Assemblies
2008-11-07 12:58 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2008-11-07 12:56 . 2008-11-07 12:56	<DIR>	d--------	c:\windows\system32\xlive
2008-11-03 20:56 . 2008-11-03 20:56	143,104	--a------	c:\windows\system32\guard32.dll
2008-11-03 20:56 . 2008-11-03 20:56	87,056	--a------	c:\windows\system32\drivers\cmdguard.sys
2008-11-03 20:56 . 2008-11-03 20:56	24,208	--a------	c:\windows\system32\drivers\cmdhlp.sys
2008-11-03 10:45 . 2008-11-03 20:48	6,297	--a------	c:\windows\E220AutoRunLog.tmp
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 10:24	---------	d-----w	c:\programas\Kanguru
2008-11-29 22:47	---------	d-----w	c:\programas\Spybot - Search & Destroy
2008-11-29 22:47	---------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 20:23	---------	d-----w	c:\programas\ScanSpyware v3.8
2008-11-26 19:06	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 12:01	---------	d-----w	c:\documents and settings\mi_\Application Data\Vso
2008-11-18 13:06	---------	d-----w	c:\programas\eMule
2008-11-11 14:55	---------	d-----w	c:\programas\Nokia
2008-11-11 14:54	---------	d-----w	c:\programas\Ficheiros comuns\Nokia
2008-11-07 13:04	---------	d--h--w	c:\programas\InstallShield Installation Information
2008-11-07 13:01	---------	d-----w	c:\programas\MSBuild
2008-11-03 22:41	---------	d-----w	c:\programas\SystemRequirementsLab
2008-11-03 21:27	---------	d-----w	c:\documents and settings\All Users\Application Data\comodo
2008-11-03 20:56	---------	d-----w	c:\programas\COMODO
2008-11-03 20:56	---------	d-----w	c:\documents and settings\mi_\Application Data\Comodo
2008-11-03 20:32	---------	d-----w	c:\programas\SpywareBlaster
2008-11-03 20:31	---------	d-----w	c:\programas\SUPERAntiSpyware
2008-11-03 20:31	---------	d-----w	c:\documents and settings\mi_\Application Data\SUPERAntiSpyware.com
2008-11-01 18:43	---------	d-----w	c:\documents and settings\All Users\Application Data\vsosdk
2008-10-28 12:30	---------	d-----w	c:\programas\FM Modifier 2.2
2008-10-27 09:27	---------	d-----w	c:\documents and settings\mi_\Application Data\Sports Interactive
2008-10-27 09:25	107,888	----a-w	c:\windows\system32\CmdLineExt.dll
2008-10-27 09:25	---------	d--h--w	c:\programas\Zero G Registry
2008-10-27 09:25	---------	d--h--r	c:\documents and settings\mi_\Application Data\SecuROM
2008-10-27 09:23	---------	d-----w	c:\programas\Sports Interactive
2008-10-27 09:20	---------	d-----w	c:\programas\DAEMON Tools Lite
2008-10-27 09:14	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-10-27 09:14	---------	d-----w	c:\documents and settings\mi_\Application Data\DAEMON Tools
2008-10-27 00:04	---------	d-----w	c:\documents and settings\mi_\Application Data\Megaupload
2008-10-27 00:04	---------	d-----w	c:\documents and settings\mi_\Application Data\EmailNotifier
2008-10-27 00:04	---------	d-----w	c:\documents and settings\All Users\Application Data\Megaupload
2008-10-27 00:04	---------	d-----w	c:\documents and settings\All Users\Application Data\EmailNotifier
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:01	---------	d-----w	c:\documents and settings\All Users\Application Data\2DBoy
2008-10-24 00:00	---------	d-----w	c:\programas\WorldOfGoo
2008-10-22 09:52	47,360	----a-w	c:\windows\system32\drivers\pcouffin.sys
2008-10-22 09:52	47,360	----a-w	c:\documents and settings\mi_\Application Data\pcouffin.sys
2008-10-22 09:51	---------	d-----w	c:\programas\VSO
2008-10-22 09:27	---------	d-----w	c:\documents and settings\All Users\Application Data\Nero
2008-10-18 14:36	---------	d-----w	c:\programas\Rockstar Games
2008-10-16 14:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 14:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 14:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 14:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 14:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 14:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 14:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 14:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-13 18:53	---------	d-----w	c:\programas\Unlocker
2008-10-11 16:59	---------	d--h--w	c:\programas\Lphant
2008-10-09 23:23	---------	d-----w	c:\programas\MSXML 4.0
2008-10-09 10:47	---------	d-----w	c:\documents and settings\mi_\Application Data\Nero
2008-10-08 23:18	---------	d-----w	c:\programas\Ficheiros comuns\Nero
2008-10-08 23:07	---------	d-----w	c:\programas\Nero
2008-10-08 23:06	---------	d-----w	c:\programas\Windows Sidebar
2008-10-07 10:40	---------	d-----w	c:\documents and settings\All Users\Application Data\WinZip
2008-10-06 22:56	---------	d-----w	c:\programas\Oak Systems
2008-10-05 12:38	---------	d-----w	c:\documents and settings\mi_\Application Data\Datalayer
2008-10-04 11:00	---------	d-----w	c:\documents and settings\mi_\Application Data\Nokia Multimedia Player
2008-10-04 10:58	---------	d-----w	c:\documents and settings\mi_\Application Data\Nokia
2008-10-04 10:03	---------	d-----w	c:\programas\Maxis
2008-09-30 16:43	1,286,152	----a-w	c:\windows\system32\msxml4.dll
2008-09-18 22:05	249,592	----a-w	c:\windows\system32\cssdll32.dll
2008-09-18 20:44	66,872	----a-w	c:\windows\system32\PnkBstrA.exe
2008-09-18 20:44	22,328	----a-w	c:\documents and settings\mi_\Application Data\PnkBstrK.sys
2008-09-18 20:44	2,337,865	----a-w	c:\windows\system32\pbsvc.exe
2008-09-18 20:44	107,832	----a-w	c:\windows\system32\PnkBstrB.exe
2008-09-18 12:16	315,392	----a-w	c:\windows\HideWin.exe
2008-09-15 15:25	1,846,528	----a-w	c:\windows\system32\win32k.sys
2008-09-15 08:56	91,136	----a-w	c:\windows\system32\nmwcdcls.dll
2008-09-10 01:15	1,307,648	------w	c:\windows\system32\msxml6.dll
2008-09-04 17:16	1,106,944	----a-w	c:\windows\system32\msxml3.dll
2006-06-24 06:48	32,768	----a-r	c:\windows\inf\UpdateUSB.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-12-01_11.02.48.93   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-02 10:38:18	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   ))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HUAWEI E620 Data Card"="c:\programas\Kanguru\Kanguru.exe" [2006-10-06 679936]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"COMODO Firewall Pro"="c:\programas\COMODO\Firewall\cfp.exe" [2008-11-03 1655552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\mi_\Menu Iniciar\Programas\Arranque\
Stardock ObjectDock.lnk - c:\programas\Stardock\ObjectDock\ObjectDock.exe [2008-09-18 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programas\\MSN Messenger\\livecall.exe"=
"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programas\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programas\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:PORT1
"8081:TCP"= 8081:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"4799:TCP"= 4799:TCP:FD
"1288:TCP"= 1288:TCP:FD
"3232:TCP"= 3232:TCP:FD

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-10 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-18 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-03 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-03 24208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-18 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programas\NOS\bin\getPlus_HelperSvc.exe [2008-09-19 33752]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-18 36864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-11 8320]
S4 hpt3xx;hpt3xx; []
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 10:38:27
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Alwil Software\Avast4\aswUpdSv.exe
c:\programas\Alwil Software\Avast4\ashServ.exe
c:\programas\COMODO\Firewall\cmdagent.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programas\Alwil Software\Avast4\ashMaiSv.exe
c:\programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-12-02 10:40:08 - Máquina reiniciou
ComboFix-quarantined-files.txt  2008-12-02 10:40:05
ComboFix2.txt  2008-12-01 11:03:08

Pré-execução: 72.767.434.752 bytes livres
Pós execução: 72,754,798,592 bytes livres

233	--- E O F ---	2008-11-13 23:33:59
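The HijackThis logs posted in this thread are what the helper reads by hand, section by section (O4 autostarts, O16 ActiveX downloads, O17 DNS servers, O23 services). As an added example, not code from the thread, from HijackThis or from any tool named here, the script below parses a log in that format, one entry per line, and returns the entries a helper looks at first. The sample lines, the trusted resolver 192.0.2.53, the trusted download hosts and the autostart named "svc helper" are constructed for the example. A flagged entry means "check this", not "malicious": the O17 resolvers seen in this thread may simply be the ISP's, which is exactly why the trusted list has to come from the machine's owner.

```python
"""Triage helper for HijackThis-style logs: parse the R*/O* entries and return the
ones a malware-removal helper checks first (DNS servers, services with no publisher,
ActiveX download sources, autostarts in user-writable folders).
Added example, not part of the forum thread or of HijackThis itself."""
import re
from urllib.parse import urlparse

# One entry per line: "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = ..."
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_WRITABLE_RE = re.compile(r"\\(temp|application data|local settings)\\", re.I)

# Constructed sample in the shape of the log posted above; the "[svc helper]" O4
# entry is made up to exercise the user-writable-folder check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svc helper] C:\Documents and Settings\user\Application Data\svchelper.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.172 62.169.67.171
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
"""


def parse_hjt(text):
    """Return [{'code': 'O17', 'body': '...'}, ...] for every R*/O* line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def review(entries, trusted_dns, trusted_dpf_hosts):
    """Return (code, reason, body) for each entry that deserves a closer look."""
    findings = []
    for entry in entries:
        code, body = entry["code"], entry["body"]
        if code == "O17":  # a changed resolver is a classic DNS-hijack sign
            m = O17_RE.search(body)
            for ip in (m.group("servers").split() if m else []):
                if ip not in trusted_dns:
                    findings.append((code, f"DNS server {ip} is not in the trusted list", body))
        elif code == "O23":  # services whose publisher string is missing
            m = O23_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append((code, f"service '{m.group('name')}' has no publisher", body))
        elif code == "O16":  # ActiveX (DPF) controls fetched from unexpected hosts
            m = O16_RE.match(body)
            host = urlparse(m.group("url")).hostname if m else None
            if host and host not in trusted_dpf_hosts:
                findings.append((code, f"ActiveX control downloaded from {host}", body))
        elif code == "O4":  # autostarts that live in a user-writable profile folder
            m = O4_RE.search(body)
            if m and USER_WRITABLE_RE.search(m.group("cmd")):
                findings.append((code, f"autostart '{m.group('name')}' runs from a user-writable folder", body))
    return findings


def example_review():
    """Run the triage over the constructed sample with constructed trust lists."""
    trusted_dns = {"192.0.2.53"}  # constructed: the resolver the owner expects to see
    trusted_dpf_hosts = {"update.microsoft.com", "fpdownload2.macromedia.com"}
    return review(parse_hjt(SAMPLE_LOG), trusted_dns, trusted_dpf_hosts)


if __name__ == "__main__":
    for code, reason, body in example_review():
        print(f"{code}: {reason}\n    {body}")
```

On the sample this reports both O17 resolvers (not in the trusted set), the PnkBstrA service (no publisher), the srtest.com ActiveX download and the made-up autostart in Application Data; everything else in the sample passes. Entries such as `O4 - Startup:` lines, which have no bracketed name, are skipped rather than misparsed.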


Good morning! muhrninho

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( pendrive, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

Regards!


Good morning, DigRam

Here are the requested logs:

UsbFix:

-------------- UsbFix V2.413.2 ---------------

* User : mi_ - JOMI
* Outils mis a jours le 01/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 11:08:14 le 03-12-2008
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\mi_\DEFINI~1\Temp\2.tmp\b2e.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

--------------- [ Informations lecteurs ] ----------------

C: - Unidade fixa
E: - Unidade de CD-ROM
G: - Unidade amovível
H: - Unidade amovível
I: - Unidade amovível

+- Contenu de l'autorun : E:\autorun.inf

[AutoRun]
open=AutoRun.exe
icon=Signal.ico

--------------- [ Lecteur C ] ----------------

C: - Unidade fixa

+- Listing des fichiers présents :

[18-09-2008 10:54][--a------] C:\AUTOEXEC.BAT
[18-09-2008 11:47][-rahs----] C:\NTDETECT.COM
[01-12-2008 10:56][-rahs----] C:\boot.ini
[03-12-2008 11:08][--a------] C:\UsbFix.txt
[18-09-2008 10:54][--a------] C:\CONFIG.SYS
[18-09-2008 10:54][--a------] C:\IO.SYS
[18-09-2008 10:54][--a------] C:\MSDOS.SYS
[18-09-2008 10:54][--a------] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Unidade de CD-ROM

+- Listing des fichiers présents :

[29-08-2006 03:59][-r-------] E:\AutoRun.exe
[29-08-2006 03:59][-r-------] E:\DelDev.exe
[29-08-2006 03:59][-r-------] E:\ResetDevice.exe
[28-09-2006 12:38][-r-------] E:\AUTORUN.INF

--------------- [ Lecteur G ] ----------------

G: - Unidade amovível

+- Listing des fichiers présents :

--------------- [ Lecteur H ] ----------------

H: - Unidade amovível

+- Listing des fichiers présents :

--------------- [ Lecteur I ] ----------------

I: - Unidade amovível

+- Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   HUAWEI E620 Data Card=C:\Programas\Kanguru\Kanguru.exe
   Six Engine="C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
   NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
   PCSuiteTrayApplication=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
   Adobe Reader Speed Launcher="C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   GrooveMonitor="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
   COMODO Firewall Pro="C:\Programas\COMODO\Firewall\cfp.exe" -h
   NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
   NoChange=1
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
   Installed=1
   <NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [28-09-2006 12:38] E:\autorun.inf
Echec de la supression !! - [29-08-2006 03:59] E:\autorun.exe
Echec de la supression !! - [28-09-2006 12:38] E:\autorun.inf
Echec de la supression !! - [28-09-2006 12:38] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste  /!\

[18-09-2008 10:54][--a------] C:\AUTOEXEC.BAT
[18-09-2008 11:47][-rahs----] C:\NTDETECT.COM
[01-12-2008 10:56][-rahs----] C:\boot.ini
[29-08-2006 03:59][-r-------] E:\AutoRun.exe
[29-08-2006 03:59][-r-------] E:\DelDev.exe
[29-08-2006 03:59][-r-------] E:\ResetDevice.exe
[28-09-2006 12:38][-r-------] E:\AUTORUN.INF

--------------- ! Fin du rapport ! ----------------

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:25, on 03-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221737038748
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.171 62.169.67.172
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

--
End of file - 5664 bytes


Good morning! muhrninho

<@> Go to this Link and download:

< Malwarebytes >

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs while running Malwarebytes.

<@> Make sure the detected items are sent to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Good morning DigRam

Here are the requested logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.31
Versão do banco de dados: 1459
Windows 5.1.2600 Service Pack 3

04-12-2008 11:06:22
mbam-log-2008-12-04 (11-06-22).txt

Tipo de Verificação: Rápida
Objetos verificados: 54548
Tempo decorrido: 39 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 1
Valores do Registo infectados: 0
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 0

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
(Nenhum item malicioso foi detectado)

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:47, on 04-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\COMODO\Firewall\cmdagent.exe
C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Kanguru\Kanguru.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Stardock\ObjectDock\ObjectDock.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\Programas\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221737038748
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.171 62.169.67.172
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

--
End of file - 5807 bytes

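A small parser for the HijackThis log format posted above, added here as an example (it is not code from the thread or from HijackThis). It groups entries by section code and pulls out what a reviewer checks first when deciding whether a log is clean: services with an unknown owner (O23), the DNS servers configured in the TCP/IP stack (O17), ActiveX download sources (O16) and Run-key autoruns (O4). The sample lines are copied from the log above; the regexes, function names and the choice of checks are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above,
# not the complete file. Raw string so the Windows paths keep their backslashes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C150A96-C5DA-4278-9B31-C3AC5E072FFA}: NameServer = 62.169.67.171 62.169.67.172
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code (R0, F2, N1, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

def parse_hjt(text):
    """Group HijackThis entries by section code; header and process lines are ignored."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("section")].append(m.group("body"))
    return entries

def review(text):
    """Pull out the items a log reviewer looks at first (my own choice of checks)."""
    e = parse_hjt(text)
    out = {"unknown_owner_services": [], "nameservers": [], "dpf_urls": [], "run_entries": []}
    for body in e.get("O23", []):
        # Layout is "Service: <name> - <owner> - <path>"; split from the right so a
        # service name that itself contains " - " does not shift the fields.
        parts = body.rsplit(" - ", 2)
        if len(parts) != 3 or parts[1].strip() != "Unknown owner":
            continue
        out["unknown_owner_services"].append(parts[2].strip())
    for body in e.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)  # should be your ISP's or router's DNS
        if m:
            out["nameservers"].extend(m.group(1).split())
    for body in e.get("O16", []):
        m = re.search(r"(https?://\S+)$", body)  # where the ActiveX .cab was fetched from
        if m:
            out["dpf_urls"].append(m.group(1))
    for body in e.get("O4", []):
        m = re.match(r".*?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", body)  # "[name] command"
        if m:
            out["run_entries"].append((m.group("name"), m.group("cmd")))
    return out
```

Run `review(open("hijackthis.log").read())` on a full log to get the same four lists for every entry in the file; an empty `unknown_owner_services` list and familiar DNS addresses are what a clean log looks like.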

Good morning! muhrninho

 

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message will appear: "ComboFix is uninstalled" --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

---------------------------

Today I noticed that I have automatic updates disabled and I can't turn them back on, and besides that every now and then I hear an error sound without any window appearing.

<!> Are those problems still bothering you?

<!> Because the log is clean! :natal_happy:

 

Regards!


Good morning DigRam

 

Ever since you told me to use Malwarebytes, I noticed that automatic updates are active again.

In any case, the program still detected some malware and fixed the problem.

 

Thank you very much for the help! :natal_wink:

 

By the way, can I keep using that French program (UsbFix) whenever I suspect one of my pen drives is infected?


Good morning! muhrninho

 

By the way, can I keep using that French program (UsbFix) whenever I suspect one of my pen drives is infected?

<!> I don't recommend it, since it is a tool, not an antivirus program for general use.

-------------------------

<!> For more details about the infection, read the tutorial: < Vírus em pendrive >

 

Regards!


PROBLEM SOLVED!

 

Should the author need the topic reopened, just send a Private Message to a Moderator with a link to the topic.
