[Arquivado] Log do HijackThis e ComboFix

Felipe7l · Abril 3, 2009

Opa...

Pesquisei hoje sobre um virus q surgiu na lista dos processos do meu pc e achei esse forum muito massa para resolver os problemas...

primeiro passei o combofix segui tudo certinho....

cara acho q sumiu alguns do malwares q estavam no pc...

melhorou bem..

depois lendo o forum achei o tal do hijackthis e passei ele tambem com todos os meus drivers conectador ao pc...

estou com o log dos dois...

Combofix:

ComboFix 09-04-01.01 - Felipe de Souza 2009-04-02 19:29:49.1 - NTFSx86

Executando de: e:\documents and settings\Felipe de Souza\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\autorun.inf

e:\documents and settings\Felipe de Souza\Dados de aplicativos\inst.exe

e:\windows\system32\Core.dll

e:\windows\system32\msssc.dll

F:\Autorun.inf

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-02 to 2009-04-02 ))))))))))))))))))))))))))))

.

2009-04-02 19:13 . 2006-03-02 23:42 73,728 --a------ E:\pv.exe

2009-04-02 19:12 . 2009-04-02 19:12 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Desktop Search

2009-04-02 16:25 . 2009-04-02 16:25 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Search

2009-04-02 16:23 . 2009-04-02 16:23 <DIR> d-------- e:\arquivos de programas\Windows Desktop Search

2009-04-02 16:22 . 2008-03-07 14:02 192,000 -----c--- e:\windows\system32\dllcache\offfilt.dll

2009-04-02 16:22 . 2008-03-07 14:02 98,304 -----c--- e:\windows\system32\dllcache\nlhtml.dll

2009-04-02 16:22 . 2008-03-07 14:02 29,696 -----c--- e:\windows\system32\dllcache\mimefilt.dll

2009-04-02 13:38 . 2009-01-09 16:19 1,089,883 -----c--- e:\windows\system32\dllcache\ntprint.cat

2009-04-01 14:10 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll

2009-04-01 13:59 . 2009-04-01 14:10 <DIR> d-------- e:\windows\system32\XPSViewer

2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- e:\arquivos de programas\Reference Assemblies

2009-04-01 13:58 . 2009-04-01 13:58 <DIR> d-------- E:\82395a271562dfd27ce6b4

2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 --------- e:\windows\system32\xpssvcs.dll

2009-04-01 13:58 . 2008-07-06 09:06 1,676,288 -----c--- e:\windows\system32\dllcache\xpssvcs.dll

2009-04-01 13:58 . 2008-07-06 07:50 597,504 -----c--- e:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-04-01 13:58 . 2008-07-06 09:06 575,488 --------- e:\windows\system32\xpsshhdr.dll

2009-04-01 13:58 . 2008-07-06 09:06 575,488 -----c--- e:\windows\system32\dllcache\xpsshhdr.dll

2009-04-01 13:58 . 2008-07-06 09:06 117,760 --------- e:\windows\system32\prntvpt.dll

2009-04-01 13:58 . 2008-07-06 09:06 89,088 -----c--- e:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- E:\1dbbb87d4aea535a613cdea85f1d

2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\PrivacIE

2009-03-31 16:26 . 2009-03-31 16:26 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IECompatCache

2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\LocalService\IETldCache

2009-03-31 15:50 . 2009-03-31 15:50 <DIR> d--hs---- e:\documents and settings\Felipe de Souza\IETldCache

2009-03-31 15:31 . 2009-03-31 15:31 <DIR> d-------- e:\windows\ie8updates

2009-03-31 15:26 . 2009-03-31 15:30 <DIR> d--h-c--- e:\windows\ie8

2009-03-31 15:04 . 2009-02-28 01:55 105,984 -----c--- e:\windows\system32\dllcache\iecompat.dll

2009-03-25 22:15 . 2009-03-25 22:15 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-03-19 18:27 . 2009-04-02 16:04 <DIR> d-------- e:\documents and settings\All Users\Dados de aplicativos\Google Updater

2009-03-19 16:23 . 2009-03-19 16:23 <DIR> d-------- e:\documents and settings\Felipe de Souza\Dados de aplicativos\Windows Live Writer

2009-03-19 15:17 . 2009-03-19 15:17 <DIR> d-------- e:\arquivos de programas\Microsoft Silverlight

2009-03-19 14:36 . 2009-03-19 14:36 <DIR> d-------- e:\windows\system32\config\systemprofile\Dados de aplicativos\SACore

2009-03-16 21:27 . 2009-03-16 21:56 <DIR> d-------- e:\documents and settings\Felipe de Souza\.receitanet

2009-03-16 21:23 . 2008-12-23 17:01 69,632 --a------ e:\windows\system32\MSJCE.dll

2009-03-08 14:35 . 2009-03-08 14:35 53,248 --------- e:\windows\system32\msrating.dll.mui

2009-03-08 14:35 . 2009-03-08 14:35 2,560 --------- e:\windows\system32\mshta.exe.mui

2009-03-08 14:32 . 2009-03-08 14:32 81,920 --------- e:\windows\system32\iedkcs32.dll.mui

2009-03-08 14:32 . 2009-03-08 14:32 4,096 --------- e:\windows\system32\ie4uinit.exe.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 -----c--- e:\windows\system32\dllcache\corpol.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-02 22:32 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\BitTorrent

2009-04-02 22:29 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\DNA

2009-04-02 22:13 --------- d-----w e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2

2009-04-02 22:09 --------- d-----w e:\arquivos de programas\DNA

2009-04-01 18:27 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Babylon

2009-04-01 16:59 --------- d-----w e:\arquivos de programas\MSBuild

2009-03-31 23:55 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Babylon

2009-03-31 17:54 --------- d-----w e:\arquivos de programas\Hamachi

2009-03-31 17:54 --------- d-----w e:\arquivos de programas\GordianKnot

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\Cheatbook Database 2008

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent_DNA

2009-03-31 17:53 --------- d-----w e:\arquivos de programas\BitTorrent

2009-03-31 17:49 --------- d-----w e:\arquivos de programas\Acoustica Audio Converter Pro

2009-03-29 23:09 --------- d-----w e:\documents and settings\LocalService\Dados de aplicativos\SACore

2009-03-27 19:54 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\Vso

2009-03-26 20:22 --------- d-----w e:\arquivos de programas\VDOWNLOADER

2009-03-26 01:18 --------- d-----w e:\arquivos de programas\AIMP2

2009-03-19 21:27 --------- d-----w e:\arquivos de programas\Google

2009-03-19 18:44 --------- d-----w e:\arquivos de programas\Windows Live

2009-03-19 16:19 --------- d-----w e:\arquivos de programas\McAfee

2009-03-17 01:15 --------- d-----w e:\arquivos de programas\Programas RFB

2009-03-13 15:58 --------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-08 07:34 914,944 ----a-w e:\windows\system32\wininet.dll

2009-03-08 07:34 43,008 ----a-w e:\windows\system32\licmgr10.dll

2009-03-08 07:33 420,352 ----a-w e:\windows\system32\vbscript.dll

2009-03-08 07:33 18,944 ----a-w e:\windows\system32\corpol.dll

2009-03-08 07:32 72,704 ----a-w e:\windows\system32\admparse.dll

2009-03-08 07:32 71,680 ----a-w e:\windows\system32\iesetup.dll

2009-03-08 07:31 48,128 ----a-w e:\windows\system32\mshtmler.dll

2009-03-08 07:31 45,568 ----a-w e:\windows\system32\mshta.exe

2009-03-08 07:31 34,816 ----a-w e:\windows\system32\imgutil.dll

2009-03-08 07:22 156,160 ----a-w e:\windows\system32\msls31.dll

2009-02-09 14:06 1,846,912 ----a-w e:\windows\system32\win32k.sys

2009-02-08 00:16 --------- d--h--w e:\arquivos de programas\InstallShield Installation Information

2009-02-07 22:05 --------- d-----w e:\arquivos de programas\Messenger Plus! Live

2009-02-07 00:42 --------- d-----w e:\arquivos de programas\sXe Injected

2009-02-06 22:14 308,088 ----a-w e:\windows\WLXPGSS.SCR

2009-02-06 21:52 49,504 ----a-w e:\windows\system32\sirenacm.dll

2009-02-02 15:52 --------- d-----w e:\documents and settings\Felipe de Souza\Dados de aplicativos\SUPERAntiSpyware.com

2009-02-02 15:52 --------- d-----w e:\arquivos de programas\SUPERAntiSpyware

2009-01-07 21:21 26,144 ----a-w e:\windows\system32\spupdsvc.exe

2009-01-07 21:20 265,720 ----a-w e:\windows\system32\msdbg2.dll

2009-01-07 21:20 26,112 ----a-w e:\windows\system32\idndl.dll

2009-01-07 21:20 24,576 ----a-w e:\windows\system32\nlsdl.dll

2009-01-07 21:20 23,552 ----a-w e:\windows\system32\normaliz.dll

2008-03-08 21:06 47,360 ----a-w e:\documents and settings\Felipe de Souza\Dados de aplicativos\pcouffin.sys

2008-12-08 23:08 32,768 --sha-w e:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008120820081209\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="e:\arquivos de programas\BitTorrent\bittorrent.exe" [2008-12-16 637232]

"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"MSConfig"="e:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

e:\documents and settings\Felipe de Souza\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verifica‡Æo de M¡dia do Cyber-shot Viewer.lnk - e:\arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

path=e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk

backup=e:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 00:04 39792 e:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2008-02-20 23:22 3165920 e:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2008-12-16 17:16 637232 e:\arquivos de programas\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-12-19 08:22 342848 e:\arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

--a------ 2009-02-06 18:08 454000 e:\arquivos de programas\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 06:00 33648 e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2004-05-12 15:18 241664 e:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2004-02-12 13:38 49152 e:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 23:21 1695232 e:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2009-02-06 18:50 3885408 e:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 18:53 153136 e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-10-22 13:22 7700480 e:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-10-22 13:22 86016 e:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-12-03 11:47 1205760 e:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2001-12-31 13:04 831488 e:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\Arquivos de programas\\DNA\\btdna.exe"=

"e:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"e:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"e:\\Arquivos de programas\\Valve\\hl.exe"=

"e:\\Arquivos de programas\\Valve\\hlds.exe"=

"e:\\Arquivos de programas\\Valve\\HLServer\\hlds.exe"=

"e:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 gupdate1c9a8d98cb40f30;Google Update Service (gupdate1c9a8d98cb40f30);e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 133104]

R3 cpuz129;cpuz129;f:\felipe\Programas\pc wizz\pcwiz32.sys [2008-01-25 9600]

R3 Mkd2kfNt;Mkd2kfNt;e:\windows\system32\drivers\Mkd2kfNt.sys [2008-07-08 130560]

R3 Mkd2Nadr;Mkd2Nadr;e:\windows\system32\drivers\Mkd2Nadr.sys [2008-07-08 79104]

R3 XDva168;XDva168; [x]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 fssfltr;fssfltr;e:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

S2 fsssvc;Windows Live Proteção para a Família;e:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

S2 SeaPort;SeaPort;e:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

--- ---

*Deregistered* - Aavmker4

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - aswFsBlk

*Deregistered* - aswMon2

*Deregistered* - aswRdr

*Deregistered* - aswSP

*Deregistered* - aswTdi

*Deregistered* - aswUpdSv

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avast! Antivirus

*Deregistered* - avast! Mail Scanner

*Deregistered* - avast! Web Scanner

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ElbyCDIO

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - fssfltr

*Deregistered* - fsssvc

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - gupdate1c9a8d98cb40f30

*Deregistered* - gusvc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - InCDfs

*Deregistered* - InCDsrv

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - McAfee SiteAdvisor Service

*Deregistered* - MDM

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NVSvc

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - pcouffin

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCDEmu

*Deregistered* - Schedule

*Deregistered* - SeaPort

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - sisidex

*Deregistered* - SoundMAX Agent Service (default)

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - upnphost

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - WSearch

*Deregistered* - wuauserv

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a10-e202-11dc-a4ba-806d6172696f}]

\Shell\AutoRun\command - m0vnonh.bat

\Shell\open\Command - m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e24a12-e202-11dc-a4ba-806d6172696f}]

\Shell\AutoRun\command - m0vnonh.bat

\Shell\open\Command - m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}]

\Shell\AutoRun\command - C:\ino6.com

\Shell\explore\Command - C:\ino6.com

\Shell\open\Command - C:\ino6.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118fd434-c39b-11dd-8585-00109588f044}]

\Shell\AutoRun\command - C:\m0vnonh.bat

\Shell\open\Command - C:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe

\Shell\infected\command - C:\wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c1bb04-f246-11dd-8611-00109588f044}]

\Shell\AutoRun\command - C:\pook.com

\Shell\open\Command - C:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa108ff5-7c46-11dd-848c-00109588f044}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9da06ba-d793-11dd-85cb-00109588f044}]

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - e:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}]

\Shell\AutoRun\command - C:\jdhc2x2.com

\Shell\explore\Command - C:\jdhc2x2.com

\Shell\open\Command - C:\jdhc2x2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd464f9c-406a-11dd-83a4-00109588f044}]

\Shell\AutoRun\command - C:\m0vnonh.bat

\Shell\open\Command - C:\m0vnonh.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-03-27 e:\windows\Tasks\1-Click Maintenance.job

- e:\arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe []

2009-04-02 e:\windows\Tasks\Google Software Updater.job

- e:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 10:12]

2009-04-02 e:\windows\Tasks\GoogleUpdateTaskMachine.job

- e:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-19 18:27]

2009-04-02 e:\windows\Tasks\User_Feed_Synchronization-{0C36095E-F041-48A4-8102-508217BE272F}.job

- e:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-Run-Nokia.PCSync - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

SafeBoot-Wdf01000.sys

MSConfigStartUp-amva - e:\windows\system32\amvo.exe

MSConfigStartUp-cdoosoft - e:\windows\system32\olhrwef.exe

MSConfigStartUp-mstwain32 - e:\windows\mstwain32.exe

MSConfigStartUp-Nokia - e:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe

MSConfigStartUp-SiteAdvisor - e:\arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Translate with &Babylon - e:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

FF - ProfilePath - e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - www.orkut.com

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: e:\documents and settings\Felipe de Souza\Dados de aplicativos\Mozilla\Firefox\Profiles\5o2cppyd.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll

FF - plugin: e:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: e:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: e:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: e:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: e:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

e:\arquivos de programas\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-02 19:33:10

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A52899D-87F3-097F-6051-C61BEBFA4271}*]

@Allowed: (Read) (RestrictedCode)

.

Tempo para conclusão: 2009-04-02 19:35:54

ComboFix-quarantined-files.txt 2009-04-02 22:35:48

Pré-execução: 1,773,019,136 bytes disponíveis

Pós execução: 1,789,616,128 bytes disponíveis

Current=5 Default=5 Failed=3 LastKnownGood=1 Sets=1,2,3,5

422 --- E O F --- 2009-04-02 17:31:31

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:12, on 2/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\Explorer.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\BitTorrent\bittorrent.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe

E:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

E:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

E:\Arquivos de programas\Windows Live\Mail\wlmail.exe

E:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - E:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [bitTorrent] "E:\Arquivos de programas\BitTorrent\bittorrent.exe" (User '?')

O4 - HKUS\S-1-5-21-1220945662-573735546-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1220945662-573735546-839522115-1003 Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://E:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228502599578

O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - https://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate1c9a8d98cb40f30) (gupdate1c9a8d98cb40f30) - Google Inc. - E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - E:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 10970 bytes

Agradeço desde ja...

DigRam · Abril 3, 2009

Boa Noite! Felipe7l

<@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 )

<@> Salve-o no Desktop! --> Tire-o do zip!

<@> Desabilite,temporariamente,seus programas de proteção. <-- ( antivírus,antispyware e firewall )

<@> Para maiores detalhes,na instalação,siga as recomendações deste Tutorial. <-- Link

<@> Execute a ferramenta,com um duplo-clique em UsbFix.exe.

<@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... )

<@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok.

<@> O computador irá reiniciar. <-- Aguarde!

<@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta.

<@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante!

<@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter.

<@> Poste o relatório,que estará em: C:\UsbFix.txt

Abraços!

Felipe7l · Abril 3, 2009

Opa....

Não achei q seria tão rapido...

vlw mesmo!

tá ai o log

-------------- UsbFix V2.395 ---------------

* User : Felipe de Souza - ACAS-7189DF506C

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 19:56:25 le --- 03/04/2009

* Windows Xp - Internet Explorer 8.0.6001.18702

--------------- [ Processus actifs ] ----------------

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\csrss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\WINDOWS\system32\logonui.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\WgaTray.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\DOCUME~1\FELIPE~1\CONFIG~1\Temp\4.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Unidade de disco remov¡vel

E: - Unidade de disco fixo

F: - Unidade de disco fixo

G: - Unidade de disco remov¡vel

H: - Unidade de disco remov¡vel

+- Contenu de l'autorun : C:\autorun.inf

[AutoRun]

;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3

open=m0vnonh.bat

;Lji1HajonSwKwD

shell\open\Command=m0vnonh.bat

+- Contenu de l'autorun : H:\autorun.inf

-------------------------------------------------

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

avast! REG_SZ E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

NvCplDaemon REG_SZ RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

BitTorrent REG_SZ "E:\Arquivos de programas\BitTorrent\bittorrent.exe"

ctfmon.exe REG_SZ E:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a81d1e5-d761-11dd-85ca-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5c1600-e22d-11dc-8223-0011d8abaa45}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a1d9a8f-1fdd-11de-87ce-0016b68d581a}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c1bb04-f246-11dd-8611-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa108ff5-7c46-11dd-848c-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9da06ba-d793-11dd-85cb-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d28d13e2-d79d-11dd-85cd-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4f8ddfe-7ad2-11dd-8481-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-1220945662-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd464f9c-406a-11dd-83a4-00109588f044}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - C:\autorun.inf

Supprimé ! - H:\autorun.inf

--------------- ! Fin du rapport ! ----------------

Felipe7l · Abril 3, 2009

ah depois de reiniciar...

eu loguei o usuário ai ele estava esfetuando limpeza de disco nos discos locais (nao sei quais...) ai eu cancelei sera q deu algum problema?

Vlw...

Abrass

DigRam · Abril 4, 2009

ah depois de reiniciar...
eu loguei o usuário ai ele estava esfetuando limpeza de disco nos discos locais (nao sei quais...) ai eu cancelei sera q deu algum problema?

Vlw...

Abrass

<><><><><><><><><>

Opa! Felipe7l

<!> Não! Pois o relatório parece-me completo.

<><><><><><><><><>

<@> Baixe: < RSIT > ( ...by random/random )

<@> Salve-o,diretamente,no Disco Local ( E ).

<@> Dê um duplo clique em RSIT.exe,para executar a ferramenta.

<@> Na janela que abrir,disclamer,clique em "Continue".

<@> Aguarde a conclusão de "Running HijackThis". <-- Pseudo!

<@> Terminando,abrir-se-à o Bloco de Notas com o relatório: log.txt <-- Relatório para postagem!

<@> Poste,também,na sua resposta: info.txt,que estará em E:\rsit\info.txt <--

Abraços!

Felipe7l · Abril 5, 2009

ah depois de reiniciar...
eu loguei o usuário ai ele estava esfetuando limpeza de disco nos discos locais (nao sei quais...) ai eu cancelei sera q deu algum problema?

Vlw...

Abrass

<><><><><><><><><>

Opa! Felipe7l

<!> Não! Pois o relatório parece-me completo.

<><><><><><><><><>

<@> Baixe: < RSIT > ( ...by random/random )

<@> Salve-o,diretamente,no Disco Local ( E ).

<@> Dê um duplo clique em RSIT.exe,para executar a ferramenta.

<@> Na janela que abrir,disclamer,clique em "Continue".

<@> Aguarde a conclusão de "Running HijackThis". <-- Pseudo!

<@> Terminando,abrir-se-à o Bloco de Notas com o relatório: log.txt <-- Relatório para postagem!

<@> Poste,também,na sua resposta: info.txt,que estará em E:\rsit\info.txt <--

Abraços!

Felipe7l · Abril 5, 2009

Fla ae....

Log:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Felipe de Souza at 2009-04-05 20:00:28

WIN_XP Service Pack 3

System drive E: has 2 GB (3%) free of 60 GB

Total RAM: 512 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:00:57, on 5/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

E:\Arquivos de programas\Google\Update\GoogleUpdate.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

E:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\Explorer.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\BitTorrent\bittorrent.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

E:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe

E:\Arquivos de programas\Windows Media Player\wmplayer.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\RSIT.exe

E:\Hijack\Felipe de Souza.exe