darkizier (posted December 19, 2008)

Hi everyone! I'm here because I already took part in a forum when my PC had that famous blue screen with words saying it was infected. Well, the person who helped me kindly taught me step by step how to solve the problem, and everything worked; my PC went back to normal. But a few days ago it started freezing a lot, and my Malwarebytes' Anti-Malware kept detecting infections. I ran Malwarebytes' Anti-Malware once and it found more than 10 infections! Then I thought my PC was clean, but it went back to freezing and being slow. I ran Malwarebytes' Anti-Malware again and it reported more infections. Now when I run it, it reports no infections, but the PC is still a bit slow. I switched my user (on my Windows XP) and ran Malwarebytes' Anti-Malware, and it found more infections! I'd like to ask you to check my log and help. Could there be some virus or something like that hidden and creating more infections?? Oh, and when I plug in my pen drive, AVG reports an Autorun.inf virus; is there a way to fix that?? Awaiting a reply! Oh, and before looking for help here I ran "Malwarebytes"; could that hide some problem in the HijackThis log?
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:02:24, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Arquivos de programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9032 bytes
MGuitar (posted December 19, 2008)

Friend, the problem of the viruses coming back (described above by you) most likely comes from your pen drive, because your HijackThis log shows a pen-drive infection (kamsoft). I presume that, when you cleaned the machine (on another forum, as you reported), you afterwards connected to it your pen drive or any other removable media you have that may be infected, whether a pen drive, MP3 player, MP4 player, cell phone, etc., and your system got infected again because of that. Follow the instructions below.
Step 1 - Download USBFix and save it to the desktop:
● Temporarily disable your antivirus;
● Double-click the program's icon and install it by clicking (Suivant > accept the license > Suivant > Suivant > Démarrer > Quitter). If you have trouble with the installation, you can follow this tutorial > USBFix Tutorial
● Double-click the USBFix icon created on the desktop to run it;
● Insert the pen drive, MP3 player, MP4 player and any other media you have into the PC's USB port and click OK on the message;
● A message will be shown saying your computer will be shut down. Wait for it to restart;
● The PC will restart. Keep the pen drive plugged in. Do not remove it!!
● When the PC restarts, the tool will run automatically. Click "Continue" and wait...
● When you receive the message "Nettoyage effectue!", press ENTER
● The log will open automatically in Notepad, and perhaps the My Computer window too; close them. The log will also be at C:\UsbFix.txt.

Step 2 - Download ComboFix and save it to the desktop;
● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the license that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click on the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

In your next reply, I need you to paste the USBFix and ComboFix logs.
darkizier (posted December 19, 2008)

The logs:

-------------- UsbFix V2.413.5 ---------------
* User : Eliana - CASA-32EDB9C66B
* Outils mis a jours le 17/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:50:22 le --- 19/12/2008
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\Temp\1.tmp\b2e.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE

--------------- [ Informations lecteurs ] ----------------
C: - Unidade de disco fixo
E: - Unidade de disco removível
F: - Unidade de disco removível

+- Contenu de l'autorun : C:\autorun.inf
;dd43K5n0LZaA23s3oCJlos7ZL32ksoDijk3w3kqld3kLLK1i0cswr9lk504SalfolaLS5KsaKsrisrKjADpSka0Ho8wod2w1rkrFi14ws
[AutoRun]
;iieweJ
open=i.bat
;d40lArwiZ03f4wKk44i7rAw8UiALAfD2S17d2Doso3qo1rkIjkafcq9DflAqkLa1d2aHndA2ia9wmkJjK1Csq13r2wj9ssdKSir0w3c842kawp3a5Kwo3si5o
shell\open\Command=i.bat
;e1Oqaask02DAlao6Zk253rls2Kd5w8420iklqLSkD33faq38S2iAwKA7iijolAKiwUwjcLZLkoaCaDor5wd3Kkl4ap9fds3LwiKs
shell\open\Default=1
;K4Os2JAd594ZoSfKlss5fjk6dwK0
shell\explore\Command=i.bat
;aol5srDD4kLKK3Kw27pSp9iiDdowikolKAeld3wwdk3OAwlffk61d4KaweAlAqijLS0wL9daSkqL3fse1ksr4D19inD98aDL

+- Contenu de l'autorun : E:\autorun.inf
;dd43K5n0LZaA23s3oCJlos7ZL32ksoDijk3w3kqld3kLLK1i0cswr9lk504SalfolaLS5KsaKsrisrKjADpSka0Ho8wod2w1rkrFi14ws
[AutoRun]
;iieweJ
open=i.bat
;d40lArwiZ03f4wKk44i7rAw8UiALAfD2S17d2Doso3qo1rkIjkafcq9DflAqkLa1d2aHndA2ia9wmkJjK1Csq13r2wj9ssdKSir0w3c842kawp3a5Kwo3si5o
shell\open\Command=i.bat
;e1Oqaask02DAlao6Zk253rls2Kd5w8420iklqLSkD33faq38S2iAwKA7iijolAKiwUwjcLZLkoaCaDor5wd3Kkl4ap9fds3LwiKs
shell\open\Default=1
;K4Os2JAd594ZoSfKlss5fjk6dwK0
shell\explore\Command=i.bat
;aol5srDD4kLKK3Kw27pSp9iiDdowikolKAeld3wwdk3OAwlffk61d4KaweAlAqijLS0wL9daSkqL3fse1ksr4D19inD98aDL

+- Contenu de l'autorun : F:\autorun.inf
;dd43K5n0LZaA23s3oCJlos7ZL32ksoDijk3w3kqld3kLLK1i0cswr9lk504SalfolaLS5KsaKsrisrKjADpSka0Ho8wod2w1rkrFi14ws
[AutoRun]
;iieweJ
open=i.bat
;d40lArwiZ03f4wKk44i7rAw8UiALAfD2S17d2Doso3qo1rkIjkafcq9DflAqkLa1d2aHndA2ia9wmkJjK1Csq13r2wj9ssdKSir0w3c842kawp3a5Kwo3si5o
shell\open\Command=i.bat
;e1Oqaask02DAlao6Zk253rls2Kd5w8420iklqLSkD33faq38S2iAwKA7iijolAKiwUwjcLZLkoaCaDor5wd3Kkl4ap9fds3LwiKs
shell\open\Default=1
;K4Os2JAd594ZoSfKlss5fjk6dwK0
shell\explore\Command=i.bat
;aol5srDD4kLKK3Kw27pSp9iiDdowikolKAeld3wwdk3OAwlffk61d4KaweAlAqijLS0wL9daSkqL3fse1ksr4D19inD98aDL

--------------- [ Lecteur C ] ----------------
C: - Unidade de disco fixo
+- Listing des fichiers présents :
[03/01/2007 19:59][--a------] C:\AUTOEXEC.BAT
[03/01/2007 19:59][--a------] C:\i.bat
[14/07/2007 17:52][-rahs----] C:\NTDETECT.COM
[30/07/1997 12:36][--a------] C:\RAMOS.EXE
[30/07/1997 12:36][--a------] C:\thmpls32.exe
[03/01/2007 20:13][---hs----] C:\boot.ini
[19/12/2008 15:42][-r-hs----] C:\autorun.inf
[19/12/2008 00:04][--a------] C:\avenger.txt
[19/12/2008 00:04][--a------] C:\ComboFix.txt
[19/12/2008 00:04][--a------] C:\EXXXXBABO.txt
[19/12/2008 00:04][--a------] C:\log_last.txt
[19/12/2008 00:04][--a------] C:\UsbFix.txt
[03/01/2007 19:59][--a------] C:\CONFIG.SYS
[03/01/2007 19:59][--a------] C:\IO.SYS
[03/01/2007 19:59][--a------] C:\MSDOS.SYS
[03/01/2007 19:59][--a------] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------
E: - Unidade de disco removível
+- Listing des fichiers présents :
[29/11/2008 16:51][-r-hs----] E:\i.bat
[06/09/2008 20:07][--a------] E:\ManyCam.exe
[19/12/2008 15:42][-r-hs----] E:\autorun.inf

--------------- [ Lecteur F ] ----------------
F: - Unidade de disco removível
+- Listing des fichiers présents :
[29/11/2008 16:51][-r-hs----] F:\i.bat
[14/12/2008 11:03][--a------] F:\energia solar.exe
[14/12/2008 11:03][--a------] F:\botão rotativo.exe
[14/12/2008 11:03][--a------] F:\Diesel.exe
[14/12/2008 11:03][--a------] F:\Tecnica de CO2.exe
[14/12/2008 11:03][--a------] F:\Técnica de refrigeração CO2.exe
[14/12/2008 11:03][--a------] F:\tratamento.exe
[19/12/2008 15:42][-r-hs----] F:\autorun.inf
[15/08/2008 10:24][--a------] F:\COMANDO NEXT.txt
[15/08/2008 10:24][--a------] F:\CURSO FLASH.txt
[15/08/2008 10:24][--a------] F:\OSCILOSCOPIO.txt
[15/08/2008 10:24][--a------] F:\PNEUMATICA.txt
[15/08/2008 10:24][--a------] F:\PROGRAMA PARA BAIXAR FILMES.txt
[15/08/2008 10:24][--a------] F:\retrocesde.txt
[15/08/2008 10:24][--a------] F:\seme condutorrrr.txt

--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
swg=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AdobeUpdater=C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
AVG7_CC=C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
WinampAgent=C:\Arquivos de programas\Winamp\winampa.exe
SunJavaUpdateSched="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
NeroFilterCheck=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
HP Software Update=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
Malwarebytes Anti-Malware (reboot)="C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------
-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [19/12/2008 14:44][-r-hs----] C:\WINDOWS\system32\gasretyw0.dll
Supprimé ! - [29/11/2008 16:51][-r-hs----] C:\WINDOWS\system32\kamsoft.exe
Supprimé ! - [18/12/2008 22:41][-r-hs----] C:\WINDOWS\system32\vbsdfe0.dll
C:\autorun.inf ~> fichier appelé : "C:\i.bat" ( présent ! )
Supprimé ! - C:\i.bat
E:\autorun.inf ~> fichier appelé : "E:\i.bat" ( présent ! )
Supprimé ! - E:\i.bat
F:\autorun.inf ~> fichier appelé : "F:\i.bat" ( présent ! )
Supprimé ! - F:\i.bat
Supprimé ! - [19/12/2008 15:42][-r-hs----] C:\autorun.inf
Supprimé ! - [19/12/2008 15:42][-r-hs----] E:\autorun.inf
Supprimé ! - [19/12/2008 15:42][-r-hs----] F:\autorun.inf

--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\
[03/01/2007 19:59][--a------] C:\AUTOEXEC.BAT
[14/07/2007 17:52][-rahs----] C:\NTDETECT.COM
[30/07/1997 12:36][--a------] C:\RAMOS.EXE
[30/07/1997 12:36][--a------] C:\thmpls32.exe
[03/01/2007 20:13][---hs----] C:\boot.ini
[06/09/2008 20:07][--a------] E:\ManyCam.exe
[14/12/2008 11:03][--a------] F:\energia solar.exe
[14/12/2008 11:03][--a------] F:\botão rotativo.exe
[14/12/2008 11:03][--a------] F:\Diesel.exe
[14/12/2008 11:03][--a------] F:\Tecnica de CO2.exe
[14/12/2008 11:03][--a------] F:\Técnica de refrigeração CO2.exe
[14/12/2008 11:03][--a------] F:\tratamento.exe

--------------- ! Fin du rapport ! ----------------

The other one!

ComboFix 08-12-18.03 - Eliana 2008-12-19 15:54:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.656 [GMT -2:00]
Executando de: c:\documents and settings\Eliana\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\TDSSbrsr.dat
c:\windows\system32\TDSSlrvd.dat
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-19 to 2008-12-19 ))))))))))))))))))))))))))))
.
2008-12-19 15:56 . 2008-12-19 15:56 53,248 --a------ c:\temp\catchme.dll
2008-12-19 15:42 . 2008-12-19 15:56 <DIR> d-------- c:\temp\A.tmp
2008-12-19 15:42 . 2008-12-19 15:56 <DIR> d-------- c:\temp\9.tmp
2008-12-19 15:39 . 2008-12-19 15:51 <DIR> d-------- c:\arquivos de programas\UsbFix
2008-12-18 17:01 . 2008-12-18 18:08 <DIR> d-------- c:\temp\~nsu.tmp
2008-12-18 08:49 . 2008-12-18 08:49 <DIR> d-------- c:\temp\Google Toolbar
2008-12-17 20:52 . 2008-12-19 15:56 <DIR> d-------- c:\temp\WER0bc3.dir00
2008-12-05 10:07 . 2008-12-19 15:56 <DIR> d-------- c:\temp\Word8.0
2008-12-04 19:20 . 2008-12-19 15:56 <DIR> d-------- c:\temp\PPT11.0
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\documents and settings\Eliana\Dados de aplicativos\ubi.com
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\arquivos de programas\ubi.com
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PocketSoft
2008-12-01 12:32 . 2001-07-30 18:03 185,344 --a------ c:\windows\patchw32.dll
2008-12-01 12:26 . 2008-12-01 12:26 <DIR> d-------- c:\arquivos de programas\Ubisoft
2008-12-01 10:15 . 2008-12-03 18:50 <DIR> d-------- c:\temp\Adobe Stock Photos CS3
2008-12-01 10:15 . 2008-12-16 19:49 <DIR> d-------- c:\temp\Adobe
2008-11-30 23:08 . 2008-11-30 23:08 <DIR> d-------- c:\arquivos de programas\Liga Nacional IBS
2008-11-30 15:03 . 2008-11-30 15:03 <DIR> d-------- c:\documents and settings\Fernandes\Dados de aplicativos\Malwarebytes
2008-11-26 16:00 . 2008-11-26 16:28 <DIR> d-------- c:\arquivos de programas\ZD Soft
2008-11-25 00:20 . 2008-11-25 00:20 <DIR> d-------- c:\documents and settings\Eliana\Dados de aplicativos\Malwarebytes
2008-11-25 00:18 . 2008-11-25 00:18 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2008-11-25 00:18 . 2008-11-25 00:19 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware
2008-11-25 00:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 00:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 20:16 . 2008-12-19 01:02 <DIR> d-------- C:\HJT
2008-11-20 11:11 . 2008-11-20 11:11 <DIR> dr-h----- c:\documents and settings\Eliana\Dados de aplicativos\SecuROM
2008-11-20 11:11 . 2008-11-20 11:11 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 10:44 . 2008-11-20 10:44 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-20 10:44 . 2008-11-20 13:06 <DIR> d-------- c:\arquivos de programas\Electronic Arts
2008-11-20 10:44 . 2008-11-20 10:44 <DIR> d-------- c:\arquivos de programas\AGEIA Technologies
2008-11-20 10:43 . 2008-11-20 10:43 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 17:37 --------- d-----w c:\arquivos de programas\Oi Internet
2008-12-19 16:44 --------- d-----w c:\documents and settings\Eliana\Dados de aplicativos\AVG7
2008-12-19 10:00 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\AVG7
2008-12-16 17:26 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\AVG7
2008-12-06 17:33 --------- d-----w c:\arquivos de programas\eMule
2008-12-06 03:46 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-12-01 14:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-12-01 01:14 --------- d-----w c:\arquivos de programas\NovaLogic
2008-11-25 03:14 174 ----a-w c:\arquivos de programas\lvslnsb.txt
2008-11-25 01:51 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-11-20 12:18 --------- d-----w c:\arquivos de programas\Warcraft III
2008-11-14 18:58 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\Image Zone Express
2008-11-10 18:50 --------- d-----w c:\arquivos de programas\EA GAMES
2008-11-10 02:20 11,376 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-11-04 21:08 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2008-10-30 13:37 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-10-28 02:09 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2008-10-28 00:13 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-10-28 00:10 --------- d-----w c:\arquivos de programas\QuickTime
2008-10-27 23:07 --------- d-----w c:\documents and settings\Eliana\Dados de aplicativos\WhenU
2008-10-27 22:28 --------- d-----w c:\arquivos de programas\Bonjour
2008-10-27 22:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2008-10-27 22:02 --------- d-----w c:\arquivos de programas\DAEMON Tools
2008-10-27 19:15 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\WhenU
2008-10-25 13:37 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\WhenU
2008-10-25 11:27 639,224 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-25 10:48 --------- d-----w c:\arquivos de programas\Desktop YouTube
2008-10-21 23:33 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\Ahead
2008-10-10 00:14 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-04-27 12:17 22,328 ----a-w c:\documents and settings\Fernandes\Dados de aplicativos\PnkBstrK.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
"AdobeUpdater"="c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\arquiv~1\Grisoft\AVG7\avgcc.exe" [2008-10-19 590848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2006-11-21 35328]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-14 15360]
"AVG7_Run"="c:\arquiv~1\Grisoft\AVG7\avgw.exe" [2008-05-08 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-07-14 c:\windows\system32\advpack.dll]

c:\documents and settings\Eliana\Menu Iniciar\Programas\Inicializar\
ubisoft register.lnk - c:\arquivos de programas\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [2008-12-01 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\arquiv~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2007-07-14 17:51 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 08:48 157592 c:\arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 14:43 8466432 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 14:43 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-16 12:47 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 14:43 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-06-15 06:45 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\CS1.6 pod-Bot\\hl.exe"=
"c:\\CS1.6 pod-Bot\\hltv.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Arquivos de programas\\NovaLogic\\MiG-29 Fulcrum\\M29.exe"=
"c:\\Arquivos de programas\\NovaLogic\\MiG-29 Fulcrum\\Update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-ManyCam - c:\arquivos de programas\ManyCam 2.3\ManyCam.exe
.
------- Scan Suplementar -------
.
mSearch Bar = hxxp://farejador.ig.com.br/ie/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - ATTENTION: FIREFOX POLICES IS IN FORCE c:\arquivos de programas\Mozilla
Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-19 15:56:37 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-12-19 15:57:32 ComboFix-quarantined-files.txt 2008-12-19 17:57:11 ComboFix2.txt 2008-11-25 16:47:41 Pré-execução: 20 pasta(s) 71.957.450.752 bytes disponíveis Pós execução: 19 pasta(s) 72,114,020,352 bytes disponíveis 214 Se você quizer posso mandar o log novo Hijackthis! mas ainda naum usei ele.. mas se você quizer eu uso ele e posto aqui o novo log..! Compartilhar este post Link para o post Compartilhar em outros sites
MGuitar 11 Posted December 19, 2008

Select and copy the text below (starting from Folder). Paste it into Notepad on your computer and save it to the desktop with the name CFScript.txt

Folder::
c:\temp\A.tmp
c:\temp\9.tmp
c:\temp\~nsu.tmp
c:\temp\WER0bc3.dir00

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

● If prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
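The CFScript format used in the post above (a Folder:: section of paths to remove and a Registry:: section in REGEDIT4 syntax), shown as an added Python example that is not from the thread or from ComboFix: it parses the script, applies the Registry:: section to the Security Center key as it appeared in the first log as a dry run, and flags the DisableNotify values that suppress the Security Center's own antivirus, firewall and update warnings. FirewallDisableNotify and UpdatesDisableNotify are the sibling values of the one on the page; the sample strings are constructed from the thread's text.

```python
# Added example (not from the thread): parse the CFScript above, apply its
# Registry:: section to a ComboFix-style registry dump as a dry run, and flag
# Security Center "DisableNotify" values that silence its warnings.
import re

# Constructed sample: the CFScript from the post above, one item per line.
CFSCRIPT = (
    "Folder::\n"
    "c:\\temp\\A.tmp\n"
    "c:\\temp\\9.tmp\n"
    "c:\\temp\\~nsu.tmp\n"
    "c:\\temp\\WER0bc3.dir00\n"
    "\n"
    "Registry::\n"
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
    "\"AntiVirusDisableNotify\"=dword:00000000\n"
)

# Constructed sample: the Security Center key as it appeared in the first log.
REG_BEFORE = (
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
    "\"AntiVirusDisableNotify\"=dword:00000001\n"
)

SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"=dword:00000001   or   "Name"="string" [optional ComboFix annotation]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
STR_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[.*\])?$')

SECURITY_CENTER_KEY = "hkey_local_machine\\software\\microsoft\\security center"
# AntiVirusDisableNotify is the value on the page; the other two are the
# sibling values Windows XP SP2 uses for the firewall and Automatic Updates.
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify",
                 "UpdatesDisableNotify")


def parse_cfscript(text):
    """Return {section: [lines]}; a section header is a line such as 'Folder::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_reg_values(lines):
    """Parse REGEDIT4-style lines into {(key, name): value}; dwords become ints."""
    values, key = {}, None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()          # registry keys are case-insensitive
        elif (m := DWORD_RE.match(line)):
            values[(key, m.group(1))] = int(m.group(2), 16)
        elif (m := STR_RE.match(line)):
            values[(key, m.group(1))] = m.group(2)
        else:
            raise ValueError(f"unrecognised registry line: {line!r}")
    return values


def security_center_findings(values):
    """Names of DisableNotify values set to non-zero, i.e. warnings suppressed."""
    return [n for n in NOTIFY_VALUES if values.get((SECURITY_CENTER_KEY, n), 0) != 0]


def dry_run(cfscript_text, reg_before_text):
    """Report what the script would remove and how the registry would change."""
    sections = parse_cfscript(cfscript_text)
    before = parse_reg_values(reg_before_text.splitlines())
    after = dict(before)
    after.update(parse_reg_values(sections.get("Registry", [])))
    changes = {k: (before.get(k), v) for k, v in after.items() if before.get(k) != v}
    return {
        "folders": sections.get("Folder", []),
        "registry_changes": changes,
        "findings_before": security_center_findings(before),
        "findings_after": security_center_findings(after),
    }


if __name__ == "__main__":
    report = dry_run(CFSCRIPT, REG_BEFORE)
    for folder in report["folders"]:
        print("would remove folder:", folder)
    for (key, name), (old, new) in report["registry_changes"].items():
        print(f"would set [{key}] {name}: {old!r} -> {new!r}")
    print("warnings suppressed before:", report["findings_before"])
    print("warnings suppressed after: ", report["findings_after"])
```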
darkizier 0 Posted December 19, 2008

ComboFix 08-12-18.03 - Eliana 2008-12-19 17:56:20.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.596 [GMT -2:00]
Executando de: c:\documents and settings\Eliana\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Eliana\Desktop\CFScript.txt
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\~nsu.tmp
c:\temp\9.tmp
c:\temp\A.tmp
c:\temp\WER0bc3.dir00

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-19 to 2008-12-19 ))))))))))))))))))))))))))))
.

2008-12-19 17:59 . 2008-12-19 17:59 53,248 --a------ c:\temp\catchme.dll
2008-12-19 15:39 . 2008-12-19 15:51 <DIR> d-------- c:\arquivos de programas\UsbFix
2008-12-18 08:49 . 2008-12-18 08:49 <DIR> d-------- c:\temp\Google Toolbar
2008-12-05 10:07 . 2008-12-19 15:56 <DIR> d-------- c:\temp\Word8.0
2008-12-04 19:20 . 2008-12-19 15:56 <DIR> d-------- c:\temp\PPT11.0
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\documents and settings\Eliana\Dados de aplicativos\ubi.com
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\arquivos de programas\ubi.com
2008-12-01 12:32 . 2008-12-01 12:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PocketSoft
2008-12-01 12:32 . 2001-07-30 18:03 185,344 --a------ c:\windows\patchw32.dll
2008-12-01 12:26 . 2008-12-01 12:26 <DIR> d-------- c:\arquivos de programas\Ubisoft
2008-12-01 10:15 . 2008-12-03 18:50 <DIR> d-------- c:\temp\Adobe Stock Photos CS3
2008-12-01 10:15 . 2008-12-16 19:49 <DIR> d-------- c:\temp\Adobe
2008-11-30 23:08 . 2008-11-30 23:08 <DIR> d-------- c:\arquivos de programas\Liga Nacional IBS
2008-11-30 15:03 . 2008-11-30 15:03 <DIR> d-------- c:\documents and settings\Fernandes\Dados de aplicativos\Malwarebytes
2008-11-26 16:00 . 2008-11-26 16:28 <DIR> d-------- c:\arquivos de programas\ZD Soft
2008-11-25 00:20 . 2008-11-25 00:20 <DIR> d-------- c:\documents and settings\Eliana\Dados de aplicativos\Malwarebytes
2008-11-25 00:18 . 2008-11-25 00:18 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2008-11-25 00:18 . 2008-11-25 00:19 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware
2008-11-25 00:18 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 00:18 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 20:16 . 2008-12-19 01:02 <DIR> d-------- C:\HJT
2008-11-20 11:11 . 2008-11-20 11:11 <DIR> dr-h----- c:\documents and settings\Eliana\Dados de aplicativos\SecuROM
2008-11-20 11:11 . 2008-11-20 11:11 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 10:44 . 2008-11-20 10:44 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-20 10:44 . 2008-11-20 13:06 <DIR> d-------- c:\arquivos de programas\Electronic Arts
2008-11-20 10:44 . 2008-11-20 10:44 <DIR> d-------- c:\arquivos de programas\AGEIA Technologies
2008-11-20 10:43 . 2008-11-20 10:43 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 19:54 --------- d-----w c:\arquivos de programas\Oi Internet
2008-12-19 18:18 --------- d-----w c:\documents and settings\Eliana\Dados de aplicativos\AVG7
2008-12-19 10:00 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\AVG7
2008-12-16 17:26 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\AVG7
2008-12-06 17:33 --------- d-----w c:\arquivos de programas\eMule
2008-12-06 03:46 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-12-01 14:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-12-01 01:14 --------- d-----w c:\arquivos de programas\NovaLogic
2008-11-25 03:14 174 ----a-w c:\arquivos de programas\lvslnsb.txt
2008-11-25 01:51 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-11-20 12:18 --------- d-----w c:\arquivos de programas\Warcraft III
2008-11-14 18:58 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\Image Zone Express
2008-11-10 18:50 --------- d-----w c:\arquivos de programas\EA GAMES
2008-11-10 02:20 11,376 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-11-04 21:08 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2008-10-30 13:37 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-10-28 02:09 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2008-10-28 00:13 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-10-28 00:10 --------- d-----w c:\arquivos de programas\QuickTime
2008-10-27 23:07 --------- d-----w c:\documents and settings\Eliana\Dados de aplicativos\WhenU
2008-10-27 22:28 --------- d-----w c:\arquivos de programas\Bonjour
2008-10-27 22:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2008-10-27 22:02 --------- d-----w c:\arquivos de programas\DAEMON Tools
2008-10-27 19:15 --------- d-----w c:\documents and settings\Eliana_2\Dados de aplicativos\WhenU
2008-10-25 13:37 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\WhenU
2008-10-25 11:27 639,224 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-25 10:48 --------- d-----w c:\arquivos de programas\Desktop YouTube
2008-10-21 23:33 --------- d-----w c:\documents and settings\Fernandes\Dados de aplicativos\Ahead
2008-04-27 12:17 22,328 ----a-w c:\documents and settings\Fernandes\Dados de aplicativos\PnkBstrK.sys

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-09-04 6856704]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
"AdobeUpdater"="c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\arquiv~1\Grisoft\AVG7\avgcc.exe" [2008-10-19 590848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2006-11-21 35328]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-14 15360]
"AVG7_Run"="c:\arquiv~1\Grisoft\AVG7\avgw.exe" [2008-05-08 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-07-14 c:\windows\system32\advpack.dll]

c:\documents and settings\Eliana\Menu Iniciar\Programas\Inicializar\
ubisoft register.lnk - c:\arquivos de programas\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe [2008-12-01 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\arquiv~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2007-07-14 17:51 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 08:48 157592 c:\arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 14:43 8466432 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 14:43 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-16 12:47 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 08:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 14:43 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-06-15 06:45 1826816 c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\CS1.6 pod-Bot\\hl.exe"=
"c:\\CS1.6 pod-Bot\\hltv.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Arquivos de programas\\NovaLogic\\MiG-29 Fulcrum\\M29.exe"=
"c:\\Arquivos de programas\\NovaLogic\\MiG-29 Fulcrum\\Update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

.
.
------- Scan Suplementar -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://farejador.ig.com.br/ie/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 17:59:24
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-12-19 18:01:35
ComboFix-quarantined-files.txt 2008-12-19 20:01:33
ComboFix2.txt 2008-12-19 17:57:33
ComboFix3.txt 2008-11-25 16:47:41

Pré-execução: 19 pasta(s) 72,096,911,360 bytes disponíveis
Pós execução: 19 pasta(s) 72,088,969,216 bytes disponíveis

210

THE OTHER ONE!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:13, on 19/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Arquivos de programas\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Arquivos de programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8866 bytes
MGuitar 11 Posted December 20, 2008

The logs are clean.

Go to Start > Run, type: combofix /u and press Enter. If the tool's folders are still there, delete them at C:\Qoobox and C:\ComboFix.

Go to Control Panel > Add or Remove Programs. Uninstall UsbFix, and delete its folder at C:\Arquivos de Programas\UsbFix.

I suggest you disable Windows autorun so you have no more trouble with infection via pen drive. To do so, read the article at the link below:
http://www.linhadefensiva.org/forum/index....mp;#entry364811

Any problem still?
Mário Monteiro 179 Posted January 22, 2009

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.