Archived

This topic has been archived and is closed to new replies.

William Bruno

[Solved!] PC freezing


Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:24:58, on 26/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Meus Documentos\Downloads\antivirus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5977 bytes

----------

Do I have problems?


Good morning! Willian Bruno

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable your protection programs while running Malwarebytes.

<@> PS: For certain infections the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove Selected.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Cheers!

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2775

Windows 5.1.2600 Service Pack 3

 

27/11/2009 15:05:58

mbam-log-2009-11-27 (15-05-58).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 149604

Tempo decorrido: 13 minute(s), 36 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

 

Arquivos infectados:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Generic.Bot.H) -> Delete on reboot.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

and the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:21:19, on 27/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Meus Documentos\Downloads\antivirus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6110 bytes

wow! that's crazy! haha

I don't understand any of it..


Good afternoon! Willian Bruno

 

<!> The Malwarebytes report indicated infections on the PC that came from removable drives. ( pen drive, etc... )

<><><><><><><><><><><>

<@> Download: < UsbFix >

<@> Save it in Arquivos de programas!

<@> Disable your antivirus!

<@> Install and run the tool with a double-click on: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

 

< wrmljk.jpg >

 

<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

 

< 6f8nwo.jpg >

 

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt

 

Cheers!


Good evening DigRam!

And thank you very much!!

 

It removed several things.. even some 'illicit' ones :blush:

 

############################## | UsbFix V6.058 |

 

User : Administrador (Administradores) # BRUNO

Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 20:36:45 | 27/11/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 7850 Dual-Core Processor

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 6.0.2900.5512

Windows Firewall Status : Disabled

 

C:\ -> Disco fixo local # 97,65 Go (88,21 Go free) [sistema] # NTFS

D:\ -> Disco fixo local # 368,1 Go (281,28 Go free) [Documentos] # NTFS

E:\ -> Disco CD-ROM # 0,38 Mo (0 Mo free) [bluebirds] # CDFS

F:\ -> Disco removível

G:\ -> Disco removível # 3,74 Go (3,73 Go free) [bRUNO] # FAT32

H:\ -> Disco removível # 1,96 Go (1,95 Go free) # FAT32

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe 588

C:\WINDOWS\system32\csrss.exe 656

C:\WINDOWS\system32\winlogon.exe 680

C:\WINDOWS\system32\services.exe 724

C:\WINDOWS\system32\lsass.exe 736

C:\WINDOWS\system32\svchost.exe 900

C:\WINDOWS\system32\svchost.exe 968

C:\WINDOWS\System32\svchost.exe 1008

C:\WINDOWS\system32\svchost.exe 1048

C:\WINDOWS\system32\svchost.exe 1112

C:\WINDOWS\system32\svchost.exe 1160

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe 1196

C:\WINDOWS\Explorer.EXE 1428

C:\WINDOWS\system32\spoolsv.exe 1504

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe 1604

C:\Arquivos de programas\Java\jre6\bin\jqs.exe 1648

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe 1672

C:\WINDOWS\system32\nvsvc32.exe 1704

C:\WINDOWS\system32\svchost.exe 1768

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe 1848

C:\WINDOWS\system32\wscntfy.exe 864

C:\WINDOWS\System32\alg.exe 1128

C:\WINDOWS\system32\wbem\wmiapsrv.exe 1388

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 2188

C:\WINDOWS\system32\RUNDLL32.EXE 2232

C:\WINDOWS\FixCamera.exe 2276

C:\WINDOWS\system32\ctfmon.exe 2344

C:\Arquivos de programas\Skype\Phone\Skype.exe 2368

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 2444

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe 2680

C:\WINDOWS\system32\taskmgr.exe 3028

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe 3080

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe 3372

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 1260

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe 1360

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 2100

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 2180

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 1656

C:\WINDOWS\system32\wbem\wmiprvse.exe 1320

 

################## | Ficheiros # pastas infeciosos |

 

C:\ewqij.bat

C:\l61yyp.exe

C:\mje12tni.exe

C:\o8tf6l.exe

C:\o8tf6l.exe

C:\qcod.exe

C:\ycvvj.exe

C:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

C:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

C:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

D:\cv8j.exe

D:\ewqij.bat

D:\g8k.exe

D:\ktly.exe

D:\l61yyp.exe

D:\mje12tni.exe

D:\mqhnawe.bat

D:\o8tf6l.exe

D:\o8tf6l.exe

D:\pkkwng.exe

D:\pkkwng.exe

D:\qcod.exe

D:\xs6kpr0.exe

D:\ycvvj.exe

E:\autorun.inf

E:\BlueBirds.exe

E:\Drag&Burn.exe

E:\S e t u p.exe

G:\autorun.inf

G:\autorun.inf -> ficheiro chamado : "G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" ( Presente ! )

G:\l61yyp.exe

G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

H:\autorun.inf

H:\autorun.inf -> ficheiro chamado : "H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" ( Presente ! )

H:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

H:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

H:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

H:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

H:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

C:\System Volume Information\_restore{3A5FAF6D-663C-43E2-B883-94EC61A4891F}\RP4\A0016734.exe

 

################## | Registro # Chaves infectieuses |

 

[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]

[HKLM\SYSTEM\ControlSet001\Services\AVPsys]

[HKLM\SYSTEM\ControlSet002\Services\AVPsys]

 

################## | Registro # Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{0a774396-aac4-11de-bde9-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{5ddeb004-a3d0-11de-9b4b-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{704b3bf9-ac92-11de-bdef-00248cbc499f}

Shell\autoPlaY\command =tscn.exe

Shell\AutoRun\command =tscn.exe

Shell\explorE\COMmand =tscn.exe

Shell\opeN\cOmmAnd =tscn.exe

 

HKCU\..\..\Explorer\MountPoints2\{a9be2fde-d213-11de-be85-00248cbc499f}

Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{a9be2fdf-d213-11de-be85-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{bcd12dfd-d8e8-11de-be9f-00248cbc499f}

Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{d5db7ba7-a2df-11de-9b48-00248cbc499f}

Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

################## | Cracks / Keygens / Serials |

 

"C:\Arquivos de programas\Java\jdk1.6.0_12\bin\serialver.exe"

07/10/2009 21:09 |Size 27648 |Crc32 96c798eb |Md5 903225c531b636cfda1ce74f21047201

 

"D:\Meus Documentos\Downloads\Guitar Pro\keygen.exe"

03/09/2005 20:46 |Size 46785 |Crc32 72d1190e |Md5 6fbcf22ac07914072155a89af983355b

 

"D:\Meus Documentos\Downloads\Macromedia Studio 8\FIX\keygen.exe"

24/08/2007 11:54 |Size 55296 |Crc32 567e703a |Md5 3bd08acd4079d75290eb1fb0c34ff700

 

"D:\Meus Documentos\Downloads\Sound Forge\keygen.exe"

15/03/2005 14:25 |Size 56320 |Crc32 9530f231 |Md5 63e53062453ac954e77c69c1e9405dc4

 

"D:\Meus Documentos\Downloads\NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.zip"

-> Contain : NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.com\NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.com.exe

 

"D:\Meus Documentos\Downloads\Macromedia Studio 8\FIX\keygen.zip"

-> Contain : keygen.exe 55296 DFLT-N 10% 50029 24-08-2007 10:54:08 567e703a

 

"D:\Meus Documentos\Downloads\GTA_IV_-_Patch___Crack_1.0.3_-_Funciona.rar"

-> contain : GTA IV - Patch + Crack 1.0.3 - Funcional\GTA IV 1.0.3 Crack\LaunchGTAIV.exe

 

"D:\Meus Documentos\Downloads\GTA_IV_-_Patch___Crack_1.0.3_-_Funciona.rar"

-> contain : GTA IV - Patch + Crack 1.0.3 - Funcional\GTA IV 1.0.3 Patch\GTAIV_Patch_1030.exe

 

 

################## | ! Fim do relatório # UsbFix V6.058 ! |

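A small triage script, added here as an illustration and not part of this thread or of HijackThis, Malwarebytes, UsbFix or DDS. It runs a few defender-side rules over log lines of the kinds posted in this thread: autorun.inf on a volume root, MountPoints2 shell handlers, files launched from a RECYCLER\<SID> folder, GUIDs that contain non-hex characters, and entries whose target file no longer exists. The sample lines are constructed from the logs in the thread; the rule set, the two severity levels and the function names (`triage`, `summarize`) are my own choices.

```python
"""Triage a handful of HijackThis / DDS / UsbFix style log lines.

Added example, not code from any of the tools mentioned in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class Finding:
    line_no: int
    severity: str        # "high" or "low" (my own two-level scale)
    reasons: List[str]
    line: str


# A file under <drive>:\RECYCLER\<SID>\ with an executable extension.
# A real Recycle Bin never launches anything from there.
RECYCLER_EXEC = re.compile(
    r"\\recycler\\s-[\d-]+\\[^\\\s\"]+\.(?:exe|bat|cmd|scr|vmx)", re.I)
# autorun.inf on a volume root, as UsbFix lists it ("X:\autorun.inf").
AUTORUN_INF = re.compile(r"^[a-z]:\\autorun\.inf", re.I)
# MountPoints2 block header and the per-volume verbs listed under it.
# Explorer runs these when the volume is opened or double-clicked.
MP2_KEY = re.compile(r"\\explorer\\mountpoints2\\\{", re.I)
MP2_COMMAND = re.compile(r"^shell\\(\w+)\\command\s*=\s*(.+)$", re.I)
# Anything shaped like a GUID; a real one contains only hex digits.
GUID_SHAPE = re.compile(
    r"\{([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\}", re.I)
HEX_ONLY = re.compile(r"[0-9a-f-]+", re.I)
# HijackThis "(no file)" / "(file missing)" and DDS "- No File".
ORPHAN = re.compile(r"\((?:no file|file missing)\)|- No File$", re.I)

# Constructed sample, modelled on the HijackThis, DDS and UsbFix lines
# posted in this thread (same SID and file names).
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe",
    r"O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)",
    r"mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe",
    r"HKCU\..\..\Explorer\MountPoints2\{0a774396-aac4-11de-bde9-00248cbc499f}",
    r"Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe",
    r"Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe",
    r"HKCU\..\..\Explorer\MountPoints2\{704b3bf9-ac92-11de-bdef-00248cbc499f}",
    r"Shell\opeN\cOmmAnd =tscn.exe",
    r"G:\autorun.inf",
    r'G:\autorun.inf -> ficheiro chamado : "G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" ( Presente ! )',
    r"S2 nyaimi;sqokf;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]",
]


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per line that trips at least one rule."""
    findings: List[Finding] = []
    in_mountpoints2 = False
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if MP2_KEY.search(line):
            in_mountpoints2 = True   # following Shell\...\command lines belong to it
            continue
        reasons: List[str] = []
        high = False

        m = MP2_COMMAND.match(line)
        if m and in_mountpoints2:
            verb, cmd = m.group(1), m.group(2).strip()
            reasons.append(f"MountPoints2 '{verb}' handler runs {cmd}")
            high = True
        else:
            in_mountpoints2 = False  # any other line ends the block
        if AUTORUN_INF.match(line):
            reasons.append("autorun.inf on a volume root")
            high = True
        if RECYCLER_EXEC.search(line):
            reasons.append("executable under RECYCLER\\<SID>")
            high = True
        for g in GUID_SHAPE.findall(line):
            if not HEX_ONLY.fullmatch(g):
                reasons.append(f"malformed GUID {{{g}}} (non-hex characters)")
                high = True
        if ORPHAN.search(line):
            reasons.append("entry points at a file that no longer exists")
        if reasons:
            findings.append(Finding(n, "high" if high else "low", reasons, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:4} line {f.line_no:2}: {'; '.join(f.reasons)}")
    print(summarize(triage(SAMPLE_LOG)))
```

The limits of a rule set like this are worth noting: it only finds what it encodes. The DDS service line `S2 nyaimi;sqokf;...\svchost.exe -k netsvcs` in the sample is not flagged, because a service hosted by svchost.exe looks like dozens of legitimate ones; spotting it takes comparing the service name against the members of the netsvcs group on a clean XP SP3 system, which this script does not do.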

Good evening! William Bruno

 

<@> Run an online scan at: < Eset Nod32 >

<@> Use the Internet Explorer browser.

<@> Check the box: "SIM, aceito as condições de uso" --> Iniciar.

<@> Check the box: "YES, I accept the Terms of Use" --> Start.

<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

<><><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click icon.jpg.

<@> Wait for the scan to finish until we get the report. ( DDS.txt )

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.

<@> Finally, another window will open! --> Click OK.

<@> Save and post the report: DDS.txt <--

 

Cheers!


Good morning DigRam!

 

is it 'that serious'?

Wow! Where did you learn all this?

 

DDS.txt

DDS (Ver_09-11-24.02) - NTFSx86

Run by Administrador at 6:31:07,15 on s b 28/11/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2341 [GMT -2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Meus Documentos\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://br.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [FixCamera] c:\windows\FixCamera.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\monito~1.lnk - c:\arquivos de programas\apache software foundation\apache2.2\bin\ApacheMonitor.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {1A8CC9F4-B82E-45AF-B28F-CFEDFE587642} = 200.142.130.202 200.220.227.100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\slx6amca.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\slx6amca.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\slx6amca.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\administrador\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R2 Apache2.2;Apache2.2;c:\arquivos de programas\apache software foundation\apache2.2\bin\httpd.exe [2008-12-10 24636]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-27 38224]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-9-3 845184]

S2 nyaimi;sqokf;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

 

=============== Created Last 30 ================

 

2009-11-27 22:34:43 0 d-----w- C:\UsbFix

2009-11-27 13:04:45 0 d-----w- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-11-27 13:04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-27 13:04:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-27 13:04:42 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-11-27 13:04:42 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 17:19:16 0 d-----w- c:\documents and settings\administrador\Bluebirds

2009-11-17 13:04:17 86016 ----a-w- c:\windows\unvise32.exe

2009-11-17 13:04:11 0 d-----w- c:\arquivos de programas\DivX

2009-11-13 18:05:03 0 d-----w- c:\arquivos de programas\Macromedia

2009-11-13 18:05:03 0 d-----w- c:\arquivos de programas\arquivos comuns\Macromedia

2009-11-13 18:03:58 0 d-----w- c:\windows\Downloaded Installations

2009-11-11 17:24:03 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-11 17:24:03 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-11 17:23:46 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-11-11 17:23:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-11-11 17:23:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-11-11 17:23:45 0 d-----w- c:\docume~1\admini~1\dadosd~1\Lightcomm

2009-11-11 17:23:43 0 d-----w- c:\docume~1\admini~1\dadosd~1\Oi

2009-11-11 17:23:43 0 d-----w- c:\arquivos de programas\Oi

2009-11-09 16:18:35 0 d-----w- c:\arquivos de programas\Microsoft

2009-11-08 23:43:56 0 d-----w- c:\arquivos de programas\Orban

2009-11-08 23:43:51 0 d-----w- c:\arquivos de programas\Megacubo

2009-11-08 11:05:26 114924 --sh--r- C:\l61yyp.exe

 

==================== Find3M ====================

 

2009-11-18 14:14:30 463612 ----a-w- c:\windows\system32\perfh016.dat

2009-11-18 14:14:29 76174 ----a-w- c:\windows\system32\perfc016.dat

2009-11-17 23:05:04 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-13 08:27:14 114400 --sh--r- C:\ycvvj.exe

2009-10-12 13:04:18 114888 --sh--r- C:\mje12tni.exe

2009-10-07 23:09:49 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-09-18 03:34:53 116163 --sh--r- C:\qcod.exe

2009-09-16 23:54:54 115942 --sh--r- C:\o8tf6l.exe

2009-09-03 13:03:44 112747 --sh--r- C:\ewqij.bat

2009-09-03 12:33:23 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2008-04-14 12:00:00 168629 --sha-r- c:\windows\system32\xijyloa.dll

 

============= FINISH: 6:31:17,93 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-11-24.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/9/2009 09:46:44

System Uptime: 28/11/2009 06:08:31 (0 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | M3A78

Processor: AMD Athlon 7850 Dual-Core Processor | AM2 | 2812/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 98 GiB total, 88,087 GiB free.

D: is FIXED (NTFS) - 368 GiB total, 281,25 GiB free.

E: is CDROM (CDFS)

F: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP1: 21/11/2009 10:18:07 - System checkpoint

RP2: 22/11/2009 06:16:34 - Removed Apple Software Update

RP3: 24/11/2009 10:03:38 - System checkpoint

RP4: 25/11/2009 15:01:54 - System checkpoint

 

==== Installed Programs ======================

 

Ícone Fácil 5.0

Ad-Aware

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 9.1 - Português

Adobe Stock Photos 1.0

AMD Processor Driver

Apache HTTP Server 2.2.11

Windows Live Sign-in Assistant

µTorrent

BR

CCleaner (remove only)

CorelDRAW Graphics Suite X3

DivX 5.0.3 Bundle

Windows Live Upload Tool

FontNav

Google Chrome

Guitar Pro 5.0

HijackThis 2.0.2

Java DB 10.4.1.3

Java 6 Update 12

Java SE Development Kit 6 Update 12

K-Lite Mega Codec Pack 4.6.2

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

Megacubo 7.1.5

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.5.5)

MSVCRT

MSXML 6.0 Parser (KB925673)

MySQL Server 5.1

NVIDIA Drivers

NVIDIA PhysX

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

Windows Driver Package - ZTE Corporation (ZTEusbmdm6k) Modem (11/04/2008 1.2050.0.9)

Windows Driver Package - ZTE Corporation (ZTEusbnmea) Ports (11/04/2008 1.2050.0.9)

Windows Driver Package - ZTE Corporation (ZTEusbser6k) Ports (11/04/2008 1.2050.0.9)

Portuguese (Brazil) Language Pack for Microsoft .NET Framework 3.0

Platform

PowerDVD

PrimoPDF

QuickTime

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Segoe UI

Skype™ 4.1

Spelling Dictionaries Support For Adobe Reader 9

STREET FIGHTER IV

TeamSpeak 2 RC2

TUGZip 3.5

Update Manager

USB2.0 PC Camera (SN9C201&202)

VBA

Velox3G.exe

VIA Platform Device Manager

WebFldrs XP

Windows Communication Foundation

Windows Communication Foundation Language Pack - PTB

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation

Windows Workflow Foundation BR Language Pack

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

ZOTAC FireStorm

 

==== End Of File ===========================

And the site 'eset.com.br' is down.

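The DDS output above already carries the indicators the thread goes on to clean: a randomly named service (nyaimi, display name sqokf) hosted by svchost.exe in the netsvcs group, a driver service (XDva281) whose binary DDS could not find, and hidden+system executables dropped in the root of C:\ and in system32. The following Python script is an added example, not from the original thread and not part of the DDS tool: it parses the two DDS line formats from a constructed sample (the relevant lines copied from the log above plus a few benign ones) and returns the findings by category. The svchost allow-list is the analyst's own input; the page does not enumerate the legitimate netsvcs members of this build, so by default nothing is trusted. The reading that `[?]` in the bracket means DDS did not find the file is taken from the log line itself, where the bracket otherwise holds a date and size.

```python
import re

# Constructed sample: the lines that matter copied from the DDS.txt above, plus a few benign
# ones, so the script runs offline. A real run would read the DDS.txt file instead.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R2 Apache2.2;Apache2.2;c:\arquivos de programas\apache software foundation\apache2.2\bin\httpd.exe [2008-12-10 24636]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-27 38224]
S2 nyaimi;sqokf;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
=============== Created Last 30 ================
2009-11-27 13:04:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 11:05:26 114924 --sh--r- C:\l61yyp.exe
==================== Find3M ====================
2009-10-13 08:27:14 114400 --sh--r- C:\ycvvj.exe
2009-09-03 13:03:44 112747 --sh--r- C:\ewqij.bat
2009-09-03 12:33:23 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 168629 --sha-r- c:\windows\system32\xijyloa.dll
============= FINISH: 6:31:17,93 ===============
"""

# "S2 name;display;path [date size]"; the bracket holds "?" when DDS did not find the binary.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$")
# "YYYY-MM-DD HH:MM:SS size attrs path"; attrs is the 8-character flag string, e.g. --sh--r-
# (s = system, h = hidden).
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$")

# .sys is left out on purpose: pagefile.sys in the drive root is hidden+system and legitimate.
PAYLOAD_EXT = (".exe", ".dll", ".bat", ".cmd", ".com", ".scr", ".pif")


def is_drive_root(path):
    """True for 'C:\\l61yyp.exe', False for anything inside a subdirectory."""
    return re.fullmatch(r"[a-zA-Z]:\\[^\\]+", path) is not None


def triage_dds(text, allowed_svchost_services=frozenset()):
    """Return {category: [item, ...]} for the indicators worth a second look.

    allowed_svchost_services: names the analyst has verified as legitimate members of
    the svchost groups on this build (analyst-supplied; by default nothing is trusted).
    """
    findings = {
        "svchost_hosted_service_not_in_allowlist": [],
        "service_binary_missing": [],
        "hidden_system_payload_in_drive_root": [],
        "hidden_system_payload_elsewhere": [],
    }
    allowed = {name.lower() for name in allowed_svchost_services}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner
        svc = SERVICE_RE.match(line)
        if svc:
            name, path, meta = svc["name"], svc["path"].lower(), svc["meta"].strip()
            if "svchost.exe -k" in path and name.lower() not in allowed:
                findings["svchost_hosted_service_not_in_allowlist"].append(name)
            if meta == "?":
                findings["service_binary_missing"].append(name)
            continue
        f = FILE_RE.match(line)
        if f:
            attrs, path = f["attrs"], f["path"]
            if "s" in attrs and "h" in attrs and path.lower().endswith(PAYLOAD_EXT):
                bucket = ("hidden_system_payload_in_drive_root" if is_drive_root(path)
                          else "hidden_system_payload_elsewhere")
                findings[bucket].append(path)
    return findings


if __name__ == "__main__":
    for category, items in triage_dds(SAMPLE_DDS).items():
        for item in items:
            print(f"{category}: {item}")
```

A service flagged in the first bucket is not itself the payload: an svchost-hosted service loads the DLL named in `HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll`, so that value is where to look for the file to collect before the service is deleted by name.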

Good morning, William Bruno

 

Is it really 'that serious'?

Wow! Where did you learn all this?

<!> Worms always take a bit of work.

<!> As for the Analyst role, I can tell you I still have a lot to learn...

<!> Ps: Your Java is out of date: Java™ 6 Update 12 --> Java™ 6 Update 17 <-- Up to date!

<!> Once the PC is disinfected, I'll give you the steps to update it.

<><><><><><><><><><><>

<@> To uninstall Malwarebytes, double-click the highlighted file.

<@> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

<@> Restart the computer when it finishes!

<><><><><><><><><><><>

<@> Download: < OTM > ( ...by OldTimer Tools )

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Services

nyaimi

sqokf

:Files

c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013

c:\windows\system32\xijyloa.dll

C:\mje12tni.exe

C:\qcod.exe

C:\o8tf6l.exe

C:\ewqij.bat

C:\ycvvj.exe

C:\l61yyp.exe

:Reg

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX..., into the tool's ( clipboard ) field.

<@> Ps: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm! --> Wait!

<@> When it finishes, check the text contents of the folder: C:\_OTM\MovedFiles

<@> Copy and post your report: C:\_OTM\MovedFiles\xx.xx.2009_xxxxx.log <--

 

Cheers!


wow! ^_^

and I don't know any of this.

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== SERVICES/DRIVERS ==========

Service nyaimi stopped successfully!

Service nyaimi deleted successfully!

No service named sqokf was found to stop!

Unable to stop service sqokf!

========== FILES ==========

c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe moved successfully.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 folder moved successfully.

LoadLibrary failed for c:\windows\system32\xijyloa.dll

File move failed. c:\windows\system32\xijyloa.dll scheduled to be moved on reboot.

C:\mje12tni.exe moved successfully.

C:\qcod.exe moved successfully.

C:\o8tf6l.exe moved successfully.

C:\ewqij.bat moved successfully.

C:\ycvvj.exe moved successfully.

C:\l61yyp.exe moved successfully.

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 193345284 bytes

->Temporary Internet Files folder emptied: 1891942 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 104284777 bytes

->Google Chrome cache emptied: 63539816 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2339411 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

Windows Temp folder emptied: 374618 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 348,93 mb

 

 

OTM by OldTimer - Version 3.1.2.0 log created on 11282009_101747

 

Files moved on Reboot...

File move failed. c:\windows\system32\xijyloa.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


Good morning, William Bruno

 

<@> Go to Start --> Run --> Type: gpedit.msc

<@> Local Computer Policy --> Computer Configuration --> Administrative Templates --> System.

<@> In the right pane, double-click Turn off Autoplay.

<@> Select: Enabled --> Choose: All drives --> OK.

<@> That way the computer won't be reinfected when you plug in your pen drive, which may be infected.

<@> Ps: I recommend formatting your removable media.

<><><><><><><><><><><>

<@> Download: < Flash Disinfector >

 

<!> Optional link! --> < http://www.pplware.com/2009/01/20/virus-nas-pens-drives/ >

 

<@> Save it directly to Local Disk C.

<@> Plug your removable drives into the USB port!

<@> Double-click: Flash_Disinfector.exe

<@> Wait for it to finish!

<><><><><><><><><><><>

<@> Post a new DDS report. ( DDS.txt )

 

Cheers!


Good morning, DigRam! :lol:

 

Okay! I've done the gpedit.msc!

One pen drive is missing; it went for a walk to the stationery shop.. when it's back I'll run the scan on it again.

 

DDS.txt

DDS (Ver_09-11-24.02) - NTFSx86

Run by Administrador at 11:02:03,70 on Sat 28/11/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2597 [GMT -2:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Meus Documentos\Downloads\antivirus\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://br.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [FixCamera] c:\windows\FixCamera.exe

mRunOnce: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\monito~1.lnk - c:\arquivos de programas\apache software foundation\apache2.2\bin\ApacheMonitor.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {1A8CC9F4-B82E-45AF-B28F-CFEDFE587642} = 200.142.130.202 200.220.227.100

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\slx6amca.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\slx6amca.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

FF - component: c:\documents and settings\administrador\dados de aplicativos\mozilla\firefox\profiles\slx6amca.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\administrador\configurações locais\dados de aplicativos\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R2 Apache2.2;Apache2.2;c:\arquivos de programas\apache software foundation\apache2.2\bin\httpd.exe [2008-12-10 24636]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-9-3 845184]

S2 nyaimi;sqokf;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

 

=============== Created Last 30 ================

 

2009-11-28 12:58:02 0 d-sha-r- C:\autorun.inf

2009-11-27 13:04:45 0 d-----w- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-11-27 13:04:42 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-11-21 17:19:16 0 d-----w- c:\documents and settings\administrador\Bluebirds

2009-11-17 13:04:17 86016 ----a-w- c:\windows\unvise32.exe

2009-11-17 13:04:11 0 d-----w- c:\arquivos de programas\DivX

2009-11-13 18:05:03 0 d-----w- c:\arquivos de programas\Macromedia

2009-11-13 18:05:03 0 d-----w- c:\arquivos de programas\arquivos comuns\Macromedia

2009-11-13 18:03:58 0 d-----w- c:\windows\Downloaded Installations

2009-11-11 17:24:03 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-11 17:24:03 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-11 17:23:46 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-11-11 17:23:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-11-11 17:23:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-11-11 17:23:45 0 d-----w- c:\docume~1\admini~1\dadosd~1\Lightcomm

2009-11-11 17:23:43 0 d-----w- c:\docume~1\admini~1\dadosd~1\Oi

2009-11-11 17:23:43 0 d-----w- c:\arquivos de programas\Oi

2009-11-09 16:18:35 0 d-----w- c:\arquivos de programas\Microsoft

2009-11-08 23:43:56 0 d-----w- c:\arquivos de programas\Orban

2009-11-08 23:43:51 0 d-----w- c:\arquivos de programas\Megacubo

 

==================== Find3M ====================

 

2009-11-28 12:17:49 76174 ----a-w- c:\windows\system32\perfc016.dat

2009-11-28 12:17:49 463612 ----a-w- c:\windows\system32\perfh016.dat

2009-11-17 23:05:04 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-07 23:09:49 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-09-03 12:33:23 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2008-04-14 12:00:00 168629 --sha-r- c:\windows\system32\xijyloa.dll

 

============= FINISH: 11:02:08,10 ===============


Good morning, William Bruno

 

<!> There was a good reduction in the level of infection!

<!> With no removable drive connected, repeat the scan with UsbFix and post the report.

<><><><><><><><><><>

<@> Run the OTM.exe tool.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Files

c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013

c:\windows\system32\xijyloa.dll

C:\autorun.inf

:Services

nyaimi

:Commands

[purity]

[emptytemp]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX..., into the tool's ( clipboard ) field.

<@> Ps: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm! --> Wait!

<@> When it finishes, check the text contents of the folder: C:\_OTM\MovedFiles

<@> Copy and post your most recent report: C:\_OTM\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Since the tool does not overwrite its reports, we need to look at the one generated right after this run.

 

Cheers!


Usbfix:

############################## | UsbFix V6.058 |

 

User : Administrador (Administradores) # BRUNO

Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8

Start at: 06:37:18 | 30/11/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 7850 Dual-Core Processor

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 6.0.2900.5512

Windows Firewall Status : Disabled

 

C:\ -> Local fixed disk # 97,65 Go (88,29 Go free) [sistema] # NTFS

D:\ -> Local fixed disk # 368,1 Go (281,25 Go free) [Documentos] # NTFS

E:\ -> CD-ROM drive # 0,38 Mo (0 Mo free) [bluebirds] # CDFS

F:\ -> Removable disk

 

############################## | Active processes |

 

C:\WINDOWS\System32\smss.exe 588

C:\WINDOWS\system32\csrss.exe 692

C:\WINDOWS\system32\winlogon.exe 716

C:\WINDOWS\system32\services.exe 760

C:\WINDOWS\system32\lsass.exe 772

C:\WINDOWS\system32\svchost.exe 932

C:\WINDOWS\system32\svchost.exe 1008

C:\WINDOWS\System32\svchost.exe 1048

C:\WINDOWS\system32\svchost.exe 1088

C:\WINDOWS\system32\svchost.exe 1172

C:\WINDOWS\system32\svchost.exe 1200

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe 1236

C:\WINDOWS\Explorer.EXE 1464

C:\WINDOWS\system32\spoolsv.exe 1544

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe 1644

C:\Arquivos de programas\Java\jre6\bin\jqs.exe 1688

C:\Arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld.exe 1720

C:\WINDOWS\system32\nvsvc32.exe 1752

C:\WINDOWS\system32\svchost.exe 1804

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe 1884

C:\WINDOWS\System32\alg.exe 1168

C:\WINDOWS\system32\wbem\wmiapsrv.exe 2120

C:\WINDOWS\system32\wscntfy.exe 2204

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 2384

C:\WINDOWS\system32\RUNDLL32.EXE 2472

C:\WINDOWS\FixCamera.exe 2480

C:\WINDOWS\system32\ctfmon.exe 2488

C:\Arquivos de programas\Skype\Phone\Skype.exe 2500

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 2528

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe 2816

C:\Arquivos de programas\Windows Media Player\wmplayer.exe 3092

C:\Arquivos de programas\Mozilla Firefox\firefox.exe 3120

C:\Arquivos de programas\Java\jre6\bin\java.exe 3376

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe 576

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe 3320

C:\WINDOWS\system32\taskmgr.exe 3788

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe 2884

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 1664

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 508

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 464

C:\Arquivos de programas\notepad++\unicode\notepad++.exe 2552

C:\WINDOWS\system32\wbem\wmiprvse.exe 492

 

################## | Files # Infected Folders |

 

E:\autorun.inf

E:\BlueBirds.exe

E:\Drag&Burn.exe

E:\S e t u p.exe

 

################## | Registry # Infected Keys |

 

[HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]

[HKLM\SYSTEM\ControlSet001\Services\AVPsys]

[HKLM\SYSTEM\ControlSet002\Services\AVPsys]

 

################## | Registry # Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{0a774396-aac4-11de-bde9-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{5ddeb004-a3d0-11de-9b4b-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{704b3bf9-ac92-11de-bdef-00248cbc499f}

Shell\autoPlaY\command =tscn.exe

Shell\AutoRun\command =tscn.exe

Shell\explorE\COMmand =tscn.exe

Shell\opeN\cOmmAnd =tscn.exe

 

HKCU\..\..\Explorer\MountPoints2\{a9be2fde-d213-11de-be85-00248cbc499f}

Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{a9be2fdf-d213-11de-be85-00248cbc499f}

Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\..\..\Explorer\MountPoints2\{bcd12dfd-d8e8-11de-be9f-00248cbc499f}

Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

################## | Cracks / Keygens / Serials |

 

"C:\Arquivos de programas\Java\jdk1.6.0_12\bin\serialver.exe"

07/10/2009 21:09 |Size 27648 |Crc32 96c798eb |Md5 903225c531b636cfda1ce74f21047201

 

"D:\Meus Documentos\Downloads\Macromedia Studio 8\FIX\keygen.exe"

24/08/2007 11:54 |Size 55296 |Crc32 567e703a |Md5 3bd08acd4079d75290eb1fb0c34ff700

 

"D:\Meus Documentos\Downloads\NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.zip"

-> Contain : NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.com\NFSMW Crack - by ORiON - www.NEEDFORLUMBRIGA.com.exe

 

"D:\Meus Documentos\Downloads\Macromedia Studio 8\FIX\keygen.zip"

-> Contain : keygen.exe 55296 DFLT-N 10% 50029 24-08-2007 10:54:08 567e703a

 

"D:\Meus Documentos\Downloads\GTA_IV_-_Patch___Crack_1.0.3_-_Funciona.rar"

-> contain : GTA IV - Patch + Crack 1.0.3 - Funcional\GTA IV 1.0.3 Crack\LaunchGTAIV.exe

 

"D:\Meus Documentos\Downloads\GTA_IV_-_Patch___Crack_1.0.3_-_Funciona.rar"

-> contain : GTA IV - Patch + Crack 1.0.3 - Funcional\GTA IV 1.0.3 Patch\GTAIV_Patch_1030.exe

 

 

################## | ! End of report # UsbFix V6.058 ! |

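The MountPoints2 section of the UsbFix report above is the per-user cache of autorun.inf shell verbs for every volume Explorer has seen, keyed by volume GUID, and it explains why the worm outlives the file deletions done so far: the cached `open` verb is what Explorer runs when the drive icon is double-clicked, so a drive with one of these GUIDs stays dangerous even after AutoPlay has been turned off by policy. The script below is an added example, not part of the thread and not part of UsbFix: it parses the section from a constructed sample (three keys copied from the report above plus one made-up benign key, `{deadbeef-...}`, whose command is an absolute path outside any RECYCLER folder) and flags handlers whose command lives under RECYCLER or is a bare filename resolved against the volume root. Verb names are folded to lower case because registry key names are case-insensitive; the `Shell\opeN\cOmmAnd` spelling in the report is therefore the same `open` verb, and a check that compares the string exactly as written would miss it.

```python
import re

# Constructed sample: the MountPoints2 block from the UsbFix report above (three of its
# keys) plus one made-up benign key, {deadbeef-...}, so the parser has something to ignore.
SAMPLE_MOUNTPOINTS = r"""
################## | Registry # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{0a774396-aac4-11de-bde9-00248cbc499f}
Shell\AutoRun\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Shell\open\command =H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

HKCU\..\..\Explorer\MountPoints2\{704b3bf9-ac92-11de-bdef-00248cbc499f}
Shell\autoPlaY\command =tscn.exe
Shell\AutoRun\command =tscn.exe
Shell\explorE\COMmand =tscn.exe
Shell\opeN\cOmmAnd =tscn.exe

HKCU\..\..\Explorer\MountPoints2\{a9be2fde-d213-11de-be85-00248cbc499f}
Shell\AutoRun\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Shell\open\command =G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

HKCU\..\..\Explorer\MountPoints2\{deadbeef-0000-4000-8000-00248cbc499f}
Shell\AutoRun\command =E:\Setup.exe
"""

KEY_RE = re.compile(r"MountPoints2\\(\{[0-9a-fA-F-]{36}\})\s*$")
# Registry key names are case-insensitive, so "Shell\opeN\cOmmAnd" is the "open" verb.
VERB_RE = re.compile(r"^Shell\\([^\\]+)\\command\s*=\s*(.*\S)\s*$", re.IGNORECASE)
RECYCLER_RE = re.compile(r"\\recycler\\", re.IGNORECASE)


def parse_mountpoints(text):
    """Return {volume_guid: {verb_lowercase: command}} for every key in the section."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.search(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2)
    return entries


def suspicious_handlers(entries):
    """(guid, verb, command, reason) for each handler that looks like autorun-worm residue."""
    out = []
    for guid, verbs in entries.items():
        for verb, command in verbs.items():
            if RECYCLER_RE.search(command):
                out.append((guid, verb, command, "payload under a RECYCLER folder"))
            elif "\\" not in command:
                # A bare name in autorun.inf is resolved from the root of that volume.
                out.append((guid, verb, command, "bare filename resolved from the volume root"))
    return out


def hijacked_open_verbs(entries):
    """GUIDs whose cached 'open' verb is suspicious: double-clicking that drive runs the payload."""
    return sorted({guid for guid, verb, _, _ in suspicious_handlers(entries) if verb == "open"})


def payload_names(entries):
    """Distinct payload file names, for matching against the :Files list of a removal script."""
    return sorted({cmd.rsplit("\\", 1)[-1].lower() for _, _, cmd, _ in suspicious_handlers(entries)})


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_MOUNTPOINTS)
    for guid, verb, command, reason in suspicious_handlers(parsed):
        print(f"{guid} {verb:<9} {reason}: {command}")
    print("keys to remove:", ", ".join(hijacked_open_verbs(parsed)))
```

The GUIDs returned are the subkeys to delete under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2` (the `HKCU\..\..\Explorer\MountPoints2\{guid}` lines of the report), and `payload_names` gives the file names to look for on every drive letter the commands reference, not only on C:\.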

Good morning, William Bruno

 

<!> The virus that infects removable drives is still on your computer. ( ise32.exe )

<><><><><><><><><><>

<@> Download: < ComboFix > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<!> Link-4 --> < how to use ComboFix >

 

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> Ps: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

[screenshot: combofixejr8.gif]

 

<@> Click OK.

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

 

[screenshot: RcAuto1.gif]

 

<@> If you don't have the "Recovery Console", accept the offer to install it!

<@> When it finishes, click Yes. --> Wait!

 

<!> If you get the notification "Not a valid Win32 application", delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop renamed as: Kombo.exe

<!> Ps: Rename it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: If rootkit activity is present, you will get the following notification window:

 

[screenshot: Rookit_found.gif]

 

<!> Ps: Note down those detections and click OK.

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


Good evening! And thanks for the help so far!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:33, on 30/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Oi\Velox3G\Velox3G.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Meus Documentos\Downloads\antivirus\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{1A8CC9F4-B82E-45AF-B28F-CFEDFE587642}: NameServer = 200.142.130.202 200.220.227.100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5679 bytes

and
ComboFix 09-11-29.06 - Administrador 30/11/2009 11:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2530 [GMT -2:00]

Executando de: d:\meus documentos\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_AVPsys

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-28 to 2009-11-30 ))))))))))))))))))))))))))))

.

 

2009-11-30 11:55 . 2009-11-30 11:57 -------- d-----w- C:\Lop SD

2009-11-30 08:24 . 2009-11-30 11:47 -------- d-----w- C:\UsbFix

2009-11-28 20:32 . 2004-03-22 06:17 24816 ----a-w- c:\windows\system32\mdimon.dll

2009-11-28 20:29 . 2009-11-28 20:29 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-11-27 13:04 . 2009-11-27 13:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-27 13:04 . 2009-11-27 13:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 17:19 . 2009-11-21 17:19 -------- d-----w- c:\documents and settings\Administrador\Bluebirds

2009-11-17 13:04 . 1999-12-17 12:13 86016 ----a-w- c:\windows\unvise32.exe

2009-11-17 13:04 . 2009-11-17 13:04 -------- d-----w- c:\arquivos de programas\DivX

2009-11-13 18:05 . 2009-11-13 18:05 45056 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe

2009-11-13 18:05 . 2009-11-13 19:17 -------- d-----w- c:\arquivos de programas\Macromedia

2009-11-13 18:05 . 2009-11-13 18:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-11-13 18:03 . 2009-11-13 18:03 -------- d-----w- c:\windows\Downloaded Installations

2009-11-12 10:01 . 2009-11-12 10:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-11-11 17:24 . 2008-04-13 13:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-11 17:24 . 2008-04-13 13:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\arquivos de programas\DIFX

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Lightcomm

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Oi

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\arquivos de programas\Oi

2009-11-09 16:18 . 2009-11-09 16:18 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-09 16:18 . 2009-11-09 16:18 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-08 23:43 . 2009-11-30 02:41 180488 ----a-w- c:\windows\PSEXESVC.EXE

2009-11-08 23:43 . 2009-11-08 23:43 -------- d-----w- c:\arquivos de programas\Orban

2009-11-08 23:43 . 2009-11-08 23:43 -------- d-----w- c:\arquivos de programas\Megacubo

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-30 13:38 . 2009-09-03 13:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-11-30 11:45 . 2009-09-03 14:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-11-30 08:27 . 2008-04-14 12:00 76174 ----a-w- c:\windows\system32\perfc016.dat

2009-11-30 08:27 . 2008-04-14 12:00 463612 ----a-w- c:\windows\system32\perfh016.dat

2009-11-21 09:33 . 2009-09-03 21:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-17 23:05 . 2009-09-26 03:07 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-12 10:01 . 2009-09-03 13:55 -------- d-----r- c:\arquivos de programas\Skype

2009-11-12 10:01 . 2009-09-03 13:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-10-30 02:18 . 2009-09-03 13:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-10-28 02:24 . 2009-10-28 02:24 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Unity

2009-10-21 22:11 . 2009-10-21 16:35 -------- d-----w- c:\arquivos de programas\Free Monitor for Google

2009-10-20 20:09 . 2009-10-20 20:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snp2std

2009-10-20 20:09 . 2009-09-03 13:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-20 15:51 . 2009-10-20 15:51 -------- d-----w- c:\arquivos de programas\Ícone Fácil 5.0

2009-10-19 16:33 . 2009-10-19 16:33 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-19 16:30 . 2009-10-19 16:30 -------- d-----w- c:\arquivos de programas\Microsoft Games for Windows - LIVE

2009-10-16 01:46 . 2009-10-16 01:46 -------- d-----w- c:\arquivos de programas\activePDF

2009-10-11 15:52 . 2009-10-11 15:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-08 01:19 . 2009-09-21 15:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-10-07 23:10 . 2009-10-07 23:10 -------- d-----w- c:\arquivos de programas\Sun

2009-10-07 23:09 . 2009-10-07 23:09 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-10-07 23:09 . 2009-10-07 23:09 -------- d-----w- c:\arquivos de programas\Java

2009-10-02 09:35 . 2009-09-03 16:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-09-26 03:10 . 2009-09-26 03:10 65536 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

2009-09-26 03:10 . 2009-09-26 03:10 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe

2009-09-05 20:50 . 2009-09-03 12:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-09-03 15:42 . 2009-09-03 15:42 0 ----a-w- c:\windows\nsreg.dat

2009-09-03 14:09 . 2009-09-03 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-09-03 12:33 . 2009-09-03 12:33 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2008-04-14 12:00 . 2008-04-14 12:00 168629 --sha-r- c:\windows\system32\xijyloa.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"FixCamera"="c:\windows\FixCamera.exe" [2006-10-09 20480]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Monitor Apache Servers.lnk - c:\arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

"5042:TCP"= 5042:TCP:acpfil

 

R2 Apache2.2;Apache2.2;c:\arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe [10/12/2008 01:10 24636]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/9/2009 11:02 845184]

S2 nyaimi;sqokf;c:\windows\system32\svchost.exe -k netsvcs [14/4/2008 10:00 14336]

S3 gogyae;gogyae;\??\c:\windows\system32\015.tmp --> c:\windows\system32\015.tmp [?]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

nyaimi

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://br.yahoo.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-30 11:38

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gogyae]

"ImagePath"="\??\c:\windows\system32\015.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nyaimi]

"ServiceDll"="c:\windows\system32\xijyloa.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1436)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\arquiv~1\MICROS~2\OFFICE11\MCPS.DLL

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Oi\Velox3G\Velox3G.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-30 11:39 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-30 13:39

 

Pré-execução: 7 pasta(s) 94.590.914.560 bytes disponíveis

Pós execução: 11 pasta(s) 94.504.599.552 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - 5E1A72FD79C9D045B6E096EA9B3A0135


Good morning, William Bruno!

 

ComboFix 09-11-29.06 - Administrador 30/11/2009 11:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2530 [GMT -2:00]

Executando de: d:\meus documentos\Downloads\ComboFix.exe

<!> That was the run of the tool. Correct?

<><><><><><><><><><>

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\system32\xijyloa.dll

c:\windows\system32\015.tmp

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gogyae]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nyaimi]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5042:TCP"=-

Driver::

"gogyae"

"nyaimi"

NetSvc::

"nyaimi"

<@> PS: It is recommended that you be disconnected from the Internet while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[animated GIF: demonstration of dragging CFScript.txt onto the ComboFix icon]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When finished, post: C:\ComboFix.txt <--

 

Regards!


Good morning, DigRam!

ComboFix 09-11-30.05 - Administrador 01/12/2009 6:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2559 [GMT -2:00]

Executando de: d:\meus documentos\Downloads\antivirus\ComboFix.exe

Comandos utilizados :: d:\meus documentos\Downloads\antivirus\CFScript.txt

 

FILE ::

"c:\windows\system32\015.tmp"

"c:\windows\system32\xijyloa.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\xijyloa.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NYAIMI

-------\Service_nyaimi

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-01 to 2009-12-01 ))))))))))))))))))))))))))))

.

 

2009-12-01 00:17 . 2009-12-01 00:20 -------- d-----w- C:\UsbFix

2009-11-28 20:32 . 2004-03-22 06:17 24816 ----a-w- c:\windows\system32\mdimon.dll

2009-11-28 20:29 . 2009-11-28 20:29 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-11-27 13:04 . 2009-11-27 13:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-27 13:04 . 2009-11-27 13:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 17:19 . 2009-11-21 17:19 -------- d-----w- c:\documents and settings\Administrador\Bluebirds

2009-11-17 13:04 . 1999-12-17 12:13 86016 ----a-w- c:\windows\unvise32.exe

2009-11-17 13:04 . 2009-11-17 13:04 -------- d-----w- c:\arquivos de programas\DivX

2009-11-13 18:05 . 2009-11-13 18:05 45056 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe

2009-11-13 18:05 . 2009-11-13 19:17 -------- d-----w- c:\arquivos de programas\Macromedia

2009-11-13 18:05 . 2009-11-13 18:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-11-13 18:03 . 2009-11-13 18:03 -------- d-----w- c:\windows\Downloaded Installations

2009-11-12 10:01 . 2009-11-12 10:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-11-11 17:24 . 2008-04-13 13:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2009-11-11 17:24 . 2008-04-13 13:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\arquivos de programas\DIFX

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-11-11 17:23 . 2009-11-11 17:23 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Lightcomm

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Oi

2009-11-11 17:23 . 2009-11-11 17:23 -------- d-----w- c:\arquivos de programas\Oi

2009-11-09 16:18 . 2009-11-09 16:18 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-09 16:18 . 2009-11-09 16:18 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-08 23:43 . 2009-11-30 02:41 180488 ----a-w- c:\windows\PSEXESVC.EXE

2009-11-08 23:43 . 2009-11-08 23:43 -------- d-----w- c:\arquivos de programas\Orban

2009-11-08 23:43 . 2009-11-08 23:43 -------- d-----w- c:\arquivos de programas\Megacubo

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-01 08:46 . 2009-09-03 13:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-12-01 08:40 . 2009-09-03 14:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-12-01 00:15 . 2008-04-14 12:00 76174 ----a-w- c:\windows\system32\perfc016.dat

2009-12-01 00:15 . 2008-04-14 12:00 463612 ----a-w- c:\windows\system32\perfh016.dat

2009-11-21 09:33 . 2009-09-03 21:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-11-17 23:05 . 2009-09-26 03:07 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-12 10:01 . 2009-09-03 13:55 -------- d-----r- c:\arquivos de programas\Skype

2009-11-12 10:01 . 2009-09-03 13:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-10-30 02:18 . 2009-09-03 13:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-10-28 02:24 . 2009-10-28 02:24 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Unity

2009-10-21 22:11 . 2009-10-21 16:35 -------- d-----w- c:\arquivos de programas\Free Monitor for Google

2009-10-20 20:09 . 2009-10-20 20:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snp2std

2009-10-20 20:09 . 2009-09-03 13:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-20 15:51 . 2009-10-20 15:51 -------- d-----w- c:\arquivos de programas\Ícone Fácil 5.0

2009-10-19 16:33 . 2009-10-19 16:33 -------- d-----w- c:\arquivos de programas\MSBuild

2009-10-19 16:31 . 2009-10-19 16:31 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-10-19 16:30 . 2009-10-19 16:30 -------- d-----w- c:\arquivos de programas\Microsoft Games for Windows - LIVE

2009-10-16 01:46 . 2009-10-16 01:46 -------- d-----w- c:\arquivos de programas\activePDF

2009-10-11 15:52 . 2009-10-11 15:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-08 01:19 . 2009-09-21 15:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-10-07 23:10 . 2009-10-07 23:10 -------- d-----w- c:\arquivos de programas\Sun

2009-10-07 23:09 . 2009-10-07 23:09 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-10-07 23:09 . 2009-10-07 23:09 -------- d-----w- c:\arquivos de programas\Java

2009-10-02 09:35 . 2009-09-03 16:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-09-26 03:10 . 2009-09-26 03:10 65536 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

2009-09-26 03:10 . 2009-09-26 03:10 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe

2009-09-05 20:50 . 2009-09-03 12:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-09-03 15:42 . 2009-09-03 15:42 0 ----a-w- c:\windows\nsreg.dat

2009-09-03 14:09 . 2009-09-03 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-09-03 12:33 . 2009-09-03 12:33 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"FixCamera"="c:\windows\FixCamera.exe" [2006-10-09 20480]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Monitor Apache Servers.lnk - c:\arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Arquivos de programas\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

 

R2 Apache2.2;Apache2.2;c:\arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe [10/12/2008 01:10 24636]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/9/2009 11:02 845184]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\slx6amca.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-01 06:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2820)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

c:\arquivos de programas\Megacubo\megacubo.exe

c:\arquivos de programas\Megacubo\megacubo.exe

c:\arquivos de programas\notepad++\unicode\notepad++.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-01 07:01 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-01 09:01

 

Pré-execução: 7 pasta(s) 94.427.832.320 bytes disponíveis

Pós execução: 10 pasta(s) 94.395.879.424 bytes disponíveis

 

- - End Of File - - AEB3AFE727E90A7342B3641EDBDE7E73


Good morning, William Bruno!

<@> Download: < JavaRa >

<@> Double-click JavaRa.exe --> Click Search For Updates.

<@> Select the option Update Using jucheck.exe --> Click the Search button.

<@> If it is already up to date, you will get a notice confirming the latest version.

<@> Otherwise, wait for the new Java version to be downloaded and installed.

<@> Click the "Remove Older Versions" button --> Wait!

<><><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.



 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix has been uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> Open OTM --> Click < 8gehxg0.gif > --> Wait! --> Yes.

<><><><><><><><><><><>

<@> PS: If you want to keep UsbFix for preventing/disinfecting your removable drives, be aware of its options:

Option 1: Only scans the drives for infections, both removable media and the OS hard disk.

Option 2: Removes infections from the disks, if any - use this option only if there really are infections.

Option 3: Vaccinates the disks (both removable ones and the Windows one) by creating an Autorun.inf folder on each - this option is meant only as prevention; if you used option 2 to remove infections you do not need this option, since the vaccination is already applied after removal.

Option 4: Only lists the files on the disks so you can analyse them, like HijackThis does.

Option 5: Uninstalls UsbFix from the computer.

Option 6: Closes the UsbFix window.

<!> If you still want the online scan ( EsetNod32 ), you can run it.

<!> Your logs are clean! :bye:

<!> All OK?

Regards!


<!> Your logs are clean! :bye:

<!> All OK?

Oh, great!!

Okay!! :lol:

Thanks, DigRam!

Regards!!


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
