
Archived

This topic has been archived and is closed to new replies.

Jota Tiros

[Solved!] Virus kht, khu, khw... goes away but comes back!


Hello,

My PC is connected to the network here at the company where I work, and some viruses named kht, khw ... and jyhkwnm (these with NERO, JPG or digital camera icons) have infested my machine. They usually show up in shared folders, are "easily" deleted, but come back a few minutes later.

I know the ideal would be a full-scale disinfection operation, taking every machine offline from the server and cleaning them one at a time. But that can't be done, because the company I mentioned is the City Hall, which can't simply be shut down, brought back up and shut down again right afterwards (because of the damned bureaucracy).

Anyway, is there some way or program (like a firewall or anything of the sort) that I can install on my PC to protect it? Is there a way to "immunize" the machine so this doesn't happen again?

Here is a HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:32:26, on 25/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DC2657B-8D53-4405-9553-2210BE598015}: NameServer = 201.16.252.2

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate1caa593386fee70) (gupdate1caa593386fee70) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 8156 bytes


Good afternoon....

*Download USBFix (http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe) and save it to the desktop

*Temporarily disable your antivirus

Start > Programs > AVG
Open the AVG User Interface
Double-click Resident Shield
Uncheck the option "Resident Shield active"
Save the changes

*Plug the pendrive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 1 > [ENTER] and wait for it to finish
*Remove the pendrive
*Paste the report created at C:\UsbFix.txt


Wings,

Thanks for the guidance, I did it but it didn't help. Why the pendrive? It's clean.

And the viruses keep appearing. Here is a screenshot with the viruses in the shared docs folder, maybe it helps:

http://i50.tinypic.com/28b90dx.jpg

Those are the viruses that are wearing out my patience. After being deleted, it's a matter of 5 minutes before they show up again.

UsbFix report:

############################## | UsbFix V6.097 |

 

User : Projetos 01 (Administradores) # PROJETOS01

Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8

Start at: 14:19:06 | 25/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU E1400 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Enabled

AV : AVG Internet Security 3-pack 9.0 [ (!) Disabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 149,04 Go (116,59 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,21 Go free) [JORDANO] # FAT32

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

 

################## | Registro |

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{8062f3c2-10b8-11df-b6dd-00012e0d0469}

ShEll\AutoRun\command =E:\pWPyvm.exE

ShEll\oPEn\COmmand =E:\PWpYVm.EXe

 

HKCU\..\..\Explorer\MountPoints2\{8062f3c3-10b8-11df-b6dd-00012e0d0469}

Shell\AutoRun\command =E:\LaunchU3.exe -a

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | ! Fim do relatório # UsbFix V6.097 ! |

 

 

 

Somebody help me, for the love of God!!!


These types of files are usually contaminations via USB. That's why I asked for it.

1.
*Plug the pendrive into the PC again
*Double-click UsbFix
*Press P > [ENTER]
*Press 2 > [ENTER] and wait for it to finish
*Remove the pendrive

2.
*Download MalwareBytes Anti-malware (http://www.filehippo.com/download_malwarebytes_anti_malware/) and save it to the desktop:
*Install the program
*If an update exists, the download will be automatic. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the drives (C:\ and D:\) to be examined
*At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Select all the results and click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it in your next reply, along with the report created at C:\UsbFix.txt
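The MountPoints2 entries in the UsbFix report above are the evidence behind this reply: under the pendrive's GUID there is an AutoRun command and an open command pointing at an executable on E:\, so the drive itself carries the infection back every time it is opened. The script below is an added example, not part of the thread or of UsbFix. It parses a report in that format, lists the drives the report marks as removable, flags every MountPoints2 command that launches something from one of them, and records whether the vaccination section says the machine is protected. The two sample reports inside it are constructed from the lines quoted in this thread; the section and line patterns, the odd-casing hint and the function names are my own assumptions about the format.

```python
"""Parse a UsbFix report and flag USB-autorun persistence indicators.
Added example for this thread, not part of UsbFix or of any post; the line
formats and the two samples are modelled on the reports quoted above."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r"^#+ \| (.+?) \|\s*$")   # "#### | Mountpoints2 |"
# "E:\ -> Disco removível # ..."; UsbFix localizes the word, so match the stem.
DRIVE_RE = re.compile(r"^([A-Z]):\\ -> .*remov", re.IGNORECASE)
GUID_RE = re.compile(r"MountPoints2\\(\{[0-9a-f-]+\})", re.IGNORECASE)
# "ShEll\oPEn\COmmand =E:\PWpYVm.EXe" in any casing, optional spaces around "="
CMD_RE = re.compile(r"^(shell)\\([a-z]+)\\(command)\s*=\s*(.+?)\s*$", re.IGNORECASE)


@dataclass
class Finding:
    guid: str
    verb: str            # AutoRun, open, explore ...
    command: str
    drive: str           # drive letter the command runs from ("" if none)
    on_removable: bool   # that drive is listed as removable in the report
    odd_casing: bool     # key written like ShEll\oPEn\COmmand


@dataclass
class UsbFixSummary:
    removable_drives: List[str] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)
    vaccinated: Optional[bool] = None   # None when the section is absent


def parse_usbfix(text: str) -> UsbFixSummary:
    """Single pass over the report, tracking the current section and GUID."""
    s = UsbFixSummary()
    section = guid = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
        elif (m := DRIVE_RE.match(line)):
            s.removable_drives.append(m.group(1).upper())
        elif section.startswith("mountpoints2"):
            if (m := GUID_RE.search(line)):
                guid = m.group(1)            # also matches "Supprimido !" lines
            elif (m := CMD_RE.match(line)):
                shell, verb, cmd_word, command = m.groups()
                drive = command.lstrip('"')[:1].upper() if re.match(r'^"?[A-Za-z]:\\', command) else ""
                # Registry paths are case-insensitive, so odd casing changes nothing
                # for Windows; it only hints the value was not written by Explorer.
                s.findings.append(Finding(guid, verb, command, drive,
                                          drive in s.removable_drives,
                                          (shell, cmd_word) != ("Shell", "command")))
        elif section.startswith("vaccin"):       # "Vaccin" / "Vaccinação"
            if line.startswith("(!)"):           # "... não é vacinada!"
                s.vaccinated = False
            elif "autorun.inf" in line.lower():  # "X:\autorun.inf -> criado por UsbFix"
                s.vaccinated = True
    return s


def needs_review(s: UsbFixSummary) -> List[Finding]:
    """Autorun/open commands launching something from removable media; every
    hit deserves a look (LaunchU3.exe is SanDisk's U3 launcher, benign by
    itself), with oddly cased keys sorted first."""
    return sorted((f for f in s.findings if f.on_removable),
                  key=lambda f: not f.odd_casing)


# Constructed from the thread's first report (before cleanup).
SAMPLE_BEFORE = r"""############################## | UsbFix V6.097 |
E:\ -> Disco removível # 3,73 Go (2,21 Go free) [JORDANO] # FAT32
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{8062f3c2-10b8-11df-b6dd-00012e0d0469}
ShEll\AutoRun\command =E:\pWPyvm.exE
ShEll\oPEn\COmmand =E:\PWpYVm.EXe
HKCU\..\..\Explorer\MountPoints2\{8062f3c3-10b8-11df-b6dd-00012e0d0469}
Shell\AutoRun\command =E:\LaunchU3.exe -a
################## | Vaccin |
(!) Este computador não é vacinada!
"""

# Constructed from the second report (after UsbFix option 2 ran).
SAMPLE_AFTER = r"""E:\ -> Disco removível # 3,73 Go (2,21 Go free) [JORDANO] # FAT32
################## | Mountpoints2 |
Supprimido ! HKCU\...\Explorer\MountPoints2\{8062f3c2-10b8-11df-b6dd-00012e0d0469}\Shell\AutoRun\Command
################## | Vaccinação |
# E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).
"""

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        s = parse_usbfix(sample)
        print(f"[{label}] removable={s.removable_drives} vaccinated={s.vaccinated}",
              *[f"\n  {f.guid} {f.verb}: {f.command}" for f in needs_review(s)])
```

Run it as-is to see both samples; on a real machine, pass the contents of C:\UsbFix.txt to parse_usbfix(). An empty hit list together with vaccinated=True is the state the second report in this thread shows after option 2 ran; an open command pointing at the drive, as in the first report, means the drive will re-infect the host on the next double-click regardless of whether the copied files in the shared folder were deleted.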


Wings,

Step 1 done, here is the log:

 

 

############################## | UsbFix V6.097 |

 

User : Projetos 01 (Administradores) # PROJETOS01

Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8

Start at: 09:45:00 | 26/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU E1400 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Enabled

AV : AVG Internet Security 3-pack 9.0 [ (!) Disabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 149,04 Go (116,52 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,21 Go free) [JORDANO] # FAT32

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\AVG\AVG9\avgam.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Documents and Settings\Projetos 01\pwpyvm.exe

Supprimido ! C:\Recycler\S-1-5-21-746137067-1677128483-1957994488-1003

 

################## | Registro |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{8062f3c2-10b8-11df-b6dd-00012e0d0469}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{8062f3c3-10b8-11df-b6dd-00012e0d0469}\Shell\AutoRun\Command

 

################## | Listing |

 

[02/02/2010 08:55|--a------|0] C:\AUTOEXEC.BAT

[02/02/2010 08:51|---hs----|211] C:\boot.ini

[28/10/2001 11:06|-rahs----|4952] C:\Bootfont.bin

[02/02/2010 08:55|--a------|0] C:\CONFIG.SYS

[02/02/2010 08:55|-rahs----|0] C:\IO.SYS

[02/02/2010 08:55|-rahs----|0] C:\MSDOS.SYS

[13/04/2008 08:43|-rahs----|47564] C:\NTDETECT.COM

[13/04/2008 10:31|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[26/02/2010 09:46|--a------|3286] C:\UsbFix.txt

[07/01/2010 09:39|--a------|645120] E:\_OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA_AFARMACIA_DE_MINAS.xls

[01/09/2009 15:31|--a------|3678043] E:\Acessibilidade.pdf

[14/09/2009 14:40|--a------|56564] E:\AFWqualquercoisa.pwd

[13/10/2009 10:50|--a------|23040] E:\Ao Delegado de Pol¡cia Dr.doc

[01/09/2009 15:32|--a------|741982] E:\cad-1.pdf

[01/09/2009 15:32|--a------|6675202] E:\cad-2.pdf

[01/09/2009 15:32|--a------|1762221] E:\cad-3.pdf

[01/09/2009 15:32|--a------|2343012] E:\cad-4.pdf

[01/09/2009 15:32|--a------|1830298] E:\cad-5.pdf

[01/09/2009 15:31|--a------|2710655] E:\cad-6.pdf

[16/11/2009 13:06|--a------|116] E:\cancelahp.BAT

[13/01/2010 14:28|--a------|34702] E:\CAPA PROCESSO[1].docx

[26/01/2010 10:21|--a------|3129856] E:\CROQUI_RUAS_DRENAGEM_pluvial.doc

[28/09/2009 15:18|--a------|107] E:\email.txt

[05/01/2010 15:33|--a------|24064] E:\Favoritos recentes.doc

[26/11/2009 10:52|--a------|547416] E:\GoogleEarthWin.exe

[28/08/2009 19:50|--a------|43258211] E:\Manual de Projeto Geomtrico.pdf

[16/07/2009 14:12|--a------|3259488] E:\manual_drenagem_rodovias.pdf

[28/08/2009 17:59|--a------|5999176] E:\ManualSinalizacaoRodoviaria.pdf

[14/10/2009 15:48|--a------|205312] E:\Or‡amento Rede pluvial.xls

[14/10/2009 15:47|--a------|298496] E:\OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 14_10_2009_ µGUAS PLUVIAIS.xls

[27/08/2009 13:50|--a------|291328] E:\OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 27_08_2009 TIROS.xls

[12/01/2010 14:10|--a------|23040] E:\ORGANIZAۂO PROCESSUAL.doc

[11/09/2009 14:07|--a------|46592] E:\PAPEL TIMBRADO A4 TIROS 03_04_2009.doc

[09/09/2009 13:44|--a------|1556087] E:\preco_setop_triangulo.pdf

[26/08/2009 17:50|--a------|185511] E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwg

[14/10/2009 14:08|--ah-----|73] E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwl

[14/10/2009 14:08|--ah-----|223] E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwl2

[13/11/2009 15:44|--a------|142336] E:\PT_Asfalto_Tiros_09_09.doc

[27/08/2009 11:00|--a------|95232] E:\RUAS ASFALTO sinaliza‡Æo-placa identifica‡Æo ruas-rampas TIROS 27_08_2009.xls

[30/09/2009 14:45|--a------|84368] E:\Ruas para Asfaltar - Tiros.dwg

[27/08/2009 16:08|--a------|778971] E:\SINAPI JUL_09.pdf

[18/09/2009 10:18|--a------|776662] E:\SINAPI_MG_AGO09.pdf

[13/01/2010 15:13|--a------|36972] E:\TERMO DE ABERTURA PROCESSO.docx

[25/08/2009 15:06|--a------|30208] E:\Tiros ‚ um munic¡pio do estado de Minas Gerais.doc

[18/11/2009 15:08|--a------|229376] E:\Tutorial.doc

[22/02/2010 12:14|--a------|3439616] E:\TRABALHO EM GRUPO.ppt

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# E:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_PROJETOS01.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.097 ! |

 

Step 2 done, here is the log:

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3795

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

26/2/2010 10:15:02

mbam-log-2010-02-26 (10-15-02).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 166921

Tempo decorrido: 18 minute(s), 3 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


1.
*Double-click UsbFix
*Press P > [ENTER]
*Press 5 > [ENTER]

2.
*Open the Malwarebytes program and, on the [Quarantine] tab, select all the results and click [Remove All]
*Click the [Logs] tab, select the report and click [Remove]

3.
*Temporarily disable your antivirus

Start > Programs > AVG
Open the AVG User Interface
Double-click Resident Shield
Uncheck the option "Resident Shield active"
Save the changes

*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
*Double-click the Combofix.exe file
*Accept the agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it isn't, a window like the one below will open. Click [Yes] to accept its installation.

[image: recovery-console-prompt.jpg]

*After the installation, click [Yes] to continue.

[image: recovery-console-installed.jpg]

*Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.

*The program will close automatically

*Paste the report created at C:\combofix.txt


Wings,

Step 1 done, UsbFix log:

 

 

############################## | UsbFix V6.097 |

 

User : Projetos 01 (Administradores) # PROJETOS01

Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8

Start at: 12:17:57 | 26/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU E1400 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Enabled

AV : AVG Internet Security 3-pack 9.0 [ Enabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 149,04 Go (116,52 Go free) # NTFS

D:\ -> Disco CD-ROM

E:\ -> Disco removível # 3,73 Go (2,21 Go free) [JORDANO] # FAT32

 

###################### | Listing dos ficheiros presentes C:\ |

 

[02/02/2010 08:55|--a------|0] - C:\AUTOEXEC.BAT

[02/02/2010 08:51|---hs----|211] - C:\boot.ini

[28/10/2001 11:06|-rahs----|4952] - C:\Bootfont.bin

[02/02/2010 08:55|--a------|0] - C:\CONFIG.SYS

[02/02/2010 08:55|-rahs----|0] - C:\IO.SYS

[02/02/2010 08:55|-rahs----|0] - C:\MSDOS.SYS

[13/04/2008 08:43|-rahs----|47564] - C:\NTDETECT.COM

[13/04/2008 10:31|-rahs----|251696] - C:\ntldr

[?|?|?] - C:\pagefile.sys

[26/02/2010 12:17|--a------|1224] - C:\UsbFix.txt

[26/02/2010 09:46|--a------|452757] - C:\UsbFix_Upload_Me_PROJETOS01.zip

 

###################### | Listing das pastas presentes C:\ |

 

[02/02/2010 13:03|d--h-----|0] - C:\$AVG

[26/02/2010 10:24|dr-------|0] - C:\Arquivos de programas

[26/02/2010 09:46|drahs----|0] - C:\autorun.inf

[02/02/2010 08:59|d--------|0] - C:\Documents and Settings

[25/02/2010 12:32|d--------|0] - C:\Hijack

[23/02/2010 09:02|d--------|0] - C:\LinhaDefensiva

[02/02/2010 09:56|dr-h-----|0] - C:\MSOCache

[26/02/2010 10:54|d--hs----|0] - C:\RECYCLER

[26/02/2010 10:16|d--hs----|0] - C:\System Volume Information

[26/02/2010 12:17|d--------|0] - C:\UsbFix

[26/02/2010 10:23|d--------|0] - C:\WINDOWS

 

###################### | Listing dos ficheiros presentes E:\ |

 

[07/01/2010 09:39|--a------|645120] - E:\_OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA_AFARMACIA_DE_MINAS.xls

[01/09/2009 15:31|--a------|3678043] - E:\Acessibilidade.pdf

[14/09/2009 14:40|--a------|56564] - E:\AFWqualquercoisa.pwd

[13/10/2009 10:50|--a------|23040] - E:\Ao Delegado de Pol¡cia Dr.doc

[01/09/2009 15:32|--a------|741982] - E:\cad-1.pdf

[01/09/2009 15:32|--a------|6675202] - E:\cad-2.pdf

[01/09/2009 15:32|--a------|1762221] - E:\cad-3.pdf

[01/09/2009 15:32|--a------|2343012] - E:\cad-4.pdf

[01/09/2009 15:32|--a------|1830298] - E:\cad-5.pdf

[01/09/2009 15:31|--a------|2710655] - E:\cad-6.pdf

[16/11/2009 13:06|--a------|116] - E:\cancelahp.BAT

[13/01/2010 14:28|--a------|34702] - E:\CAPA PROCESSO[1].docx

[26/01/2010 10:21|--a------|3129856] - E:\CROQUI_RUAS_DRENAGEM_pluvial.doc

[28/09/2009 15:18|--a------|107] - E:\email.txt

[05/01/2010 15:33|--a------|24064] - E:\Favoritos recentes.doc

[26/11/2009 10:52|--a------|547416] - E:\GoogleEarthWin.exe

[28/08/2009 19:50|--a------|43258211] - E:\Manual de Projeto Geomtrico.pdf

[16/07/2009 14:12|--a------|3259488] - E:\manual_drenagem_rodovias.pdf

[28/08/2009 17:59|--a------|5999176] - E:\ManualSinalizacaoRodoviaria.pdf

[14/10/2009 15:48|--a------|205312] - E:\Or‡amento Rede pluvial.xls

[14/10/2009 15:47|--a------|298496] - E:\OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 14_10_2009_ µGUAS PLUVIAIS.xls

[27/08/2009 13:50|--a------|291328] - E:\OR€AMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 27_08_2009 TIROS.xls

[12/01/2010 14:10|--a------|23040] - E:\ORGANIZAۂO PROCESSUAL.doc

[11/09/2009 14:07|--a------|46592] - E:\PAPEL TIMBRADO A4 TIROS 03_04_2009.doc

[09/09/2009 13:44|--a------|1556087] - E:\preco_setop_triangulo.pdf

[26/08/2009 17:50|--a------|185511] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwg

[14/10/2009 14:08|--ah-----|73] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwl

[14/10/2009 14:08|--ah-----|223] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÖVEL 26_8_2009.dwl2

[13/11/2009 15:44|--a------|142336] - E:\PT_Asfalto_Tiros_09_09.doc

[27/08/2009 11:00|--a------|95232] - E:\RUAS ASFALTO sinaliza‡Æo-placa identifica‡Æo ruas-rampas TIROS 27_08_2009.xls

[30/09/2009 14:45|--a------|84368] - E:\Ruas para Asfaltar - Tiros.dwg

[27/08/2009 16:08|--a------|778971] - E:\SINAPI JUL_09.pdf

[18/09/2009 10:18|--a------|776662] - E:\SINAPI_MG_AGO09.pdf

[13/01/2010 15:13|--a------|36972] - E:\TERMO DE ABERTURA PROCESSO.docx

[25/08/2009 15:06|--a------|30208] - E:\Tiros ‚ um munic¡pio do estado de Minas Gerais.doc

[18/11/2009 15:08|--a------|229376] - E:\Tutorial.doc

[22/02/2010 12:14|--a------|3439616] - E:\TRABALHO EM GRUPO.ppt

 

###################### | Listing das pastas presentes E:\ |

 

[29/01/2010 15:06|d--------|0] - E:\2

[29/01/2010 15:06|d--------|0] - E:\Codevasf

[29/01/2010 15:06|d--------|0] - E:\DER TOCANTINS ESTRADAS VICINAIS

[29/01/2010 15:06|d--------|0] - E:\FirefoxPortable

[24/02/2010 10:21|d--------|0] - E:\Jose leles

[29/01/2010 15:07|d--------|0] - E:\Imagens

[29/01/2010 15:09|d--------|0] - E:\Imprimir

[29/01/2010 15:09|d--------|0] - E:\Min. planejamento

[29/01/2010 15:09|d--------|0] - E:\Musica

[29/01/2010 15:09|d--------|0] - E:\Programas

[29/01/2010 15:11|d--------|0] - E:\Pr¢-Munic¡pios

[29/01/2010 15:11|d--------|0] - E:\Scanner

[29/01/2010 15:11|d--------|0] - E:\SINAPI

[29/01/2010 15:12|d--------|0] - E:\Videosinhos

[29/01/2010 15:12|d--------|0] - E:\X Exposi‡Æo Agr

[26/02/2010 09:46|d-ahs----|0] - E:\autorun.inf

[01/02/2010 09:38|d--------|0] - E:\Prest. conts SETOP

[26/02/2010 10:54|dr-hs----|0] - E:\RECYCLER

[05/02/2010 11:03|d--------|0] - E:\Fotos

 

################## | ! Fim do relatório # UsbFix V6.097 ! |

 

Step 2 done.

Step 3 done, ComboFix log:

ComboFix 10-02-25.02 - Projetos 01 26/02/2010 12:24:49.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.413 [GMT -3:00]

Running from: c:\documents and settings\Projetos 01\Desktop\ComboFix.exe

AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\srchasst\nls302en.lex

 

.

(((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))

.

 

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 12:53 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 12:46 . 2010-02-26 12:46 452757 ----a-w- C:\UsbFix_Upload_Me_PROJETOS01.zip

2010-02-25 17:14 . 2010-02-26 15:17 -------- d-----w- C:\UsbFix

2010-02-25 15:24 . 2010-02-25 15:24 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Media Player Classic

2010-02-25 15:12 . 2010-02-25 15:12 -------- d-----w- c:\arquivos de programas\Flv Audio Video Extractor

2010-02-25 13:49 . 2010-02-25 15:32 -------- d-----w- C:\Hijack

2010-02-25 13:12 . 2010-02-25 13:13 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-02-24 12:02 . 2010-02-24 12:02 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-23 12:01 . 2010-02-23 12:02 -------- d-----w- C:\LinhaDefensiva

2010-02-22 18:19 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Ahead

2010-02-22 12:21 . 2010-02-22 12:21 -------- d-----w- c:\arquivos de programas\GPLGS

2010-02-22 12:19 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-02-22 12:19 . 2010-02-22 12:19 -------- d-----w- c:\arquivos de programas\Acro Software

2010-02-09 11:54 . 2010-02-09 11:54 -------- d-----w- c:\arquivos de programas\SIMBRASIL 3.03

2010-02-08 11:04 . 2010-02-08 11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-08 11:04 . 2010-02-08 11:04 152576 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-08 10:59 . 2010-02-08 10:59 79488 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-08 10:58 . 2010-02-25 12:02 -------- d-----w- c:\arquivos de programas\Unlocker

2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\arquivos de programas\Tekhnelogos

2010-02-04 12:11 . 2010-02-18 16:21 -------- d-----w- c:\arquivos de programas\Google

2010-02-03 11:44 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\cleanup.exe

2010-02-03 11:43 . 2008-05-02 12:41 3493888 ---ha-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\Launchpad Removal.exe

2010-02-03 11:43 . 2010-02-03 11:44 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3

2010-02-02 16:39 . 2010-02-02 16:39 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\AVG9

2010-02-02 14:49 . 2010-02-02 14:49 -------- d-----w- c:\windows\Sun

2010-02-02 14:29 . 2010-02-02 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:45 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:27 -------- d-----w- c:\arquivos de programas\IObit

2010-02-02 13:31 . 2008-04-13 21:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-02-02 13:31 . 2008-04-13 21:20 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-02 13:30 . 2010-02-25 11:58 -------- d-----w- c:\windows\system32\LogFiles

2010-02-02 13:30 . 2010-02-02 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-02-02 13:30 . 2006-09-25 19:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-02 13:22 . 2010-02-02 12:47 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2010-02-02 13:22 . 2010-02-02 12:47 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-02-02 13:22 . 2010-02-02 12:47 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-02-02 13:22 . 2010-02-02 12:47 613656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-02-02 13:09 . 2010-02-02 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-02 13:01 . 2010-02-02 13:01 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2010-02-02 13:00 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\AutoCAD 2007

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\mdimon.dll

2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-02 12:58 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Autodesk

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-02 12:56 . 2010-02-02 12:59 -------- d-----w- c:\windows\SHELLNEW

2010-02-02 12:56 . 2010-02-02 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----r- C:\MSOCache

2010-02-02 12:51 . 2010-02-25 18:44 -------- d-----w- c:\documents and settings\Projetos 01\Tracing

2010-02-02 12:50 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-02 12:49 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-02 12:48 . 2010-02-02 16:03 -------- d-----w- C:\$AVG

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-02-02 12:48 . 2010-02-02 12:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-02-02 12:48 . 2010-02-02 12:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-02-02 12:47 . 2010-02-02 12:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-02 12:47 . 2010-02-02 13:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-02-02 12:47 . 2010-02-26 12:01 -------- d-----w- c:\windows\system32\drivers\Avg

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\AVG

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-02 12:44 . 2010-02-03 11:41 -------- d-----w- c:\arquivos de programas\AutorunRemover

2010-02-02 12:42 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-02-02 12:40 . 2010-02-09 11:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\CHANGJIE

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\TCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\SCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\KOIME

2010-02-02 12:38 . 2010-02-02 12:38 -------- d-----w- c:\windows\LHSP

2010-02-02 12:36 . 2002-02-18 12:23 46352 ----a-w- c:\windows\setdebug.exe

2010-02-02 12:36 . 2002-02-18 12:22 171280 ----a-w- c:\windows\system32\jit.dll

2010-02-02 12:36 . 2002-02-18 12:22 139536 ----a-w- c:\windows\system32\javaee.dll

2010-02-02 12:36 . 2002-02-18 09:35 6550 ----a-w- c:\windows\jautoexp.dat

2010-02-02 12:36 . 2002-02-18 09:34 313856 ----a-w- c:\windows\system32\dx3j.dll

2010-02-02 12:33 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll

2010-02-02 12:33 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-02-02 12:33 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-02-02 12:33 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll

2010-02-02 12:33 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-02-02 12:33 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys


1. Note that I asked you to press 5, not 1

*Double-click UsbFix

*Press P > [ENTER]

*Press 5 > [ENTER]

 

2. The ComboFix log is incomplete

 

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

 

DeQuarantine::

C:\Qoobox\Quarantine\C\windows\srchasst\nls302en.lex.vir

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

[image: CFScript.gif]

 

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To interrupt the process, press N or 2.

 

*Paste the report created at C:\combofix.txt, in full!
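The listing that UsbFix option 5 prints (it appears twice in this thread) has one line per file or folder, `[date time|attribute flags|size] - path`, with the flag string read positionally (d = directory, r = read-only, a = archive, h = hidden, s = system). For an autorun worm of the kind described in the opening post, two details in that listing carry most of the signal: whether `autorun.inf` in a drive root is a file (the worm's marker) or a folder (the vaccination that UsbFix option 3 creates, so the worm cannot write its own file there), and whether a hidden+system `RECYCLER` folder sits on a FAT32 pen drive, where Windows XP itself would only create `Recycled`. The Python script below is an added example written for this page; it is not part of the thread, of UsbFix or of ComboFix. It parses listing lines and flags those two patterns, plus executables in the root of a removable drive and double extensions such as `fotos.jpg.exe`, which generalises the "EXE with a JPG/Nero/camera icon" trick from the opening post. The sample lines are constructed in the shape of the listings above; the `fotos.jpg.exe` entry is invented to exercise the double-extension check, and the set of removable drive letters is an assumption passed in by hand from the drive table at the top of the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One UsbFix "Listing" (option 5) line:  [date time|flags|size] - path
# Flags are positional: d=directory, r=read-only, a=archive, h=hidden, s=system.
LINE_RE = re.compile(r"^\[(?P<stamp>[^|\]]*)\|(?P<attrs>[^|\]]*)\|(?P<size>[^\]]*)\]\s+-\s+(?P<path>.+?)\s*$")

# Hidden+system files Windows XP itself keeps in the root of the system drive.
KNOWN_ROOT_SYSTEM_FILES = {"boot.ini", "bootfont.bin", "io.sys", "msdos.sys", "ntdetect.com", "ntldr", "pagefile.sys"}
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTENSIONS = (".jpg", ".jpeg", ".gif", ".bmp", ".doc", ".xls", ".pdf", ".avi", ".mp3")


@dataclass
class Entry:
    is_dir: bool
    hidden: bool
    system: bool
    size: Optional[int]   # None for "[?|?|?]" lines such as pagefile.sys
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; banners, blank lines and other text give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs, size_txt = m.group("attrs"), m.group("size")
    return Entry(is_dir=attrs.startswith("d"), hidden="h" in attrs, system="s" in attrs,
                 size=int(size_txt) if size_txt.isdigit() else None, path=m.group("path"))


def is_root(path: str) -> bool:
    """True for an entry directly in a drive root, e.g. E:\\RECYCLER."""
    drive, _, rest = path.partition(":\\")
    return len(drive) == 1 and rest != "" and "\\" not in rest


def triage(entry: Entry, removable_drives: Tuple[str, ...] = ("E",)) -> List[str]:
    """Findings for one entry. removable_drives is an assumption taken by hand from
    the drive table at the top of the report (here E:\\ is the FAT32 pen drive)."""
    findings: List[str] = []
    name = entry.path.rsplit("\\", 1)[-1].lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    stem = name[: -len(ext)] if ext else name
    root = is_root(entry.path)
    removable = entry.path[:1].upper() in removable_drives

    if root and name == "autorun.inf":
        if entry.is_dir:
            # A folder named autorun.inf is the vaccination (UsbFix option 3):
            # while it exists the worm cannot create its autorun.inf file.
            findings.append("autorun.inf is a folder: vaccination present (expected after UsbFix option 3)")
        else:
            findings.append("autorun.inf FILE in drive root: autorun worm marker, read its [autorun] section")
    if root and removable and name == "recycler":
        # XP creates 'Recycled' on FAT and 'RECYCLER' only on NTFS, so a hidden+system
        # RECYCLER on a FAT32 pen drive is a classic worm drop folder.
        findings.append("RECYCLER folder on a removable drive: common worm drop location, inspect it")
    if root and entry.hidden and entry.system and not entry.is_dir and name not in KNOWN_ROOT_SYSTEM_FILES:
        findings.append("hidden+system file in a drive root that is not a Windows boot file")
    if root and removable and ext in EXEC_EXTENSIONS:
        findings.append(f"executable ({ext}) in the root of a removable drive")
    if ext in EXEC_EXTENSIONS and stem.endswith(DECOY_EXTENSIONS):
        # e.g. fotos.jpg.exe: an executable dressed up as a picture or document
        findings.append("double extension: executable disguised as a document or image")
    return findings


def triage_report(text: str, removable_drives: Tuple[str, ...] = ("E",)) -> List[Tuple[str, str]]:
    """Run triage over a whole listing; returns (path, finding) pairs in report order."""
    results: List[Tuple[str, str]] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            results.extend((entry.path, f) for f in triage(entry, removable_drives))
    return results


# Constructed sample in the shape of the thread's listings; fotos.jpg.exe is invented
# to exercise the hidden+system and double-extension checks.
SAMPLE = r"""
###################### | Listing of files present on C:\ |
[26/02/2010 12:24|-rahs----|281] - C:\boot.ini
[?|?|?] - C:\pagefile.sys
[26/02/2010 09:46|dra------|0] - C:\autorun.inf
###################### | Listing of files present on E:\ |
[26/11/2009 10:52|--a------|547416] - E:\GoogleEarthWin.exe
[01/03/2010 08:00|--ahs----|61440] - E:\fotos.jpg.exe
[26/02/2010 09:46|d-ahs----|0] - E:\autorun.inf
[26/02/2010 10:54|dr-hs----|0] - E:\RECYCLER
"""

if __name__ == "__main__":
    for path, finding in triage_report(SAMPLE):
        print(f"{path}: {finding}")
```

Run it against a saved UsbFix.txt by reading the file into `triage_report`. The listing is an inventory, not a scan: it shows where a worm is likely to have dropped files but cannot identify them, so anything flagged still has to be checked with the search/deletion options of the tool (or the contents of `[autorun]` read by hand). A legitimate program copied to a pen drive root, such as the GoogleEarthWin.exe above, will be flagged too; that is intended, since a worm's dropper usually looks exactly like that.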


Step 1.

Sorry Wings, but pressing 5, which is 'Listing', this is exactly what comes up (1-Search, 2-Deletion, 3-Vaccination, 4-Deletion<MSE>, 5-Listing, 6-Uninstall and Q-Quit). Here it is again, pressing 5:

 

############################## | UsbFix V6.097 |

 

User : Projetos 01 (Administradores) # PROJETOS01

Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8

Start at: 12:59:48 | 26/2/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Celeron® CPU E1400 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Enabled

AV : AVG Internet Security 3-pack 9.0 [ (!) Disabled | Updated ]

 

A:\ -> 3 1/2 inch floppy disk drive

C:\ -> Local fixed disk # 149,04 Go (116,45 Go free) # NTFS

D:\ -> CD-ROM disc

E:\ -> Removable disk # 3,73 Go (2,21 Go free) [JORDANO] # FAT32

 

###################### | Listing of files present on C:\ |

 

[02/02/2010 08:55|--a------|0] - C:\AUTOEXEC.BAT

[02/02/2010 08:51|--a------|211] - C:\Boot.bak

[26/02/2010 12:24|-rahs----|281] - C:\boot.ini

[28/10/2001 11:06|-rahs----|4952] - C:\Bootfont.bin

[03/08/2004 23:00|--a------|261856] - C:\cmldr

[26/02/2010 12:31|--a------|23604] - C:\ComboFix.txt

[02/02/2010 08:55|--a------|0] - C:\CONFIG.SYS

[02/02/2010 08:55|-rahs----|0] - C:\IO.SYS

[02/02/2010 08:55|-rahs----|0] - C:\MSDOS.SYS

[13/04/2008 08:43|-rahs----|47564] - C:\NTDETECT.COM

[13/04/2008 10:31|-rahs----|251696] - C:\ntldr

[?|?|?] - C:\pagefile.sys

[26/02/2010 12:59|--a------|1379] - C:\UsbFix.txt

[26/02/2010 09:46|--a------|452757] - C:\UsbFix_Upload_Me_PROJETOS01.zip

 

###################### | Listing of folders present on C:\ |

 

[02/02/2010 13:03|d--------|0] - C:\$AVG

[26/02/2010 10:24|dr-------|0] - C:\Arquivos de programas

[26/02/2010 09:46|dra------|0] - C:\autorun.inf

[26/02/2010 12:24|drahs----|0] - C:\cmdcons

[02/02/2010 08:59|d--------|0] - C:\Documents and Settings

[25/02/2010 12:32|d--------|0] - C:\Hijack

[23/02/2010 09:02|d--------|0] - C:\LinhaDefensiva

[02/02/2010 09:56|dr-------|0] - C:\MSOCache

[26/02/2010 12:31|d--------|0] - C:\Qoobox

[26/02/2010 10:16|d--hs----|0] - C:\System Volume Information

[26/02/2010 12:59|d--------|0] - C:\UsbFix

[26/02/2010 12:49|d--------|0] - C:\WINDOWS

 

###################### | Listing of files present on E:\ |

 

[07/01/2010 09:39|--a------|645120] - E:\_ORÇAMENTO_PERCENTUAIS_QCI_CRONOGRAMA_AFARMACIA_DE_MINAS.xls

[01/09/2009 15:31|--a------|3678043] - E:\Acessibilidade.pdf

[14/09/2009 14:40|--a------|56564] - E:\AFWqualquercoisa.pwd

[13/10/2009 10:50|--a------|23040] - E:\Ao Delegado de Polícia Dr.doc

[01/09/2009 15:32|--a------|741982] - E:\cad-1.pdf

[01/09/2009 15:32|--a------|6675202] - E:\cad-2.pdf

[01/09/2009 15:32|--a------|1762221] - E:\cad-3.pdf

[01/09/2009 15:32|--a------|2343012] - E:\cad-4.pdf

[01/09/2009 15:32|--a------|1830298] - E:\cad-5.pdf

[01/09/2009 15:31|--a------|2710655] - E:\cad-6.pdf

[16/11/2009 13:06|--a------|116] - E:\cancelahp.BAT

[13/01/2010 14:28|--a------|34702] - E:\CAPA PROCESSO[1].docx

[26/01/2010 10:21|--a------|3129856] - E:\CROQUI_RUAS_DRENAGEM_pluvial.doc

[28/09/2009 15:18|--a------|107] - E:\email.txt

[05/01/2010 15:33|--a------|24064] - E:\Favoritos recentes.doc

[26/11/2009 10:52|--a------|547416] - E:\GoogleEarthWin.exe

[28/08/2009 19:50|--a------|43258211] - E:\Manual de Projeto Geomtrico.pdf

[16/07/2009 14:12|--a------|3259488] - E:\manual_drenagem_rodovias.pdf

[28/08/2009 17:59|--a------|5999176] - E:\ManualSinalizacaoRodoviaria.pdf

[14/10/2009 15:48|--a------|205312] - E:\Orçamento Rede pluvial.xls

[14/10/2009 15:47|--a------|298496] - E:\ORÇAMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 14_10_2009_ ÁGUAS PLUVIAIS.xls

[27/08/2009 13:50|--a------|291328] - E:\ORÇAMENTO_PERCENTUAIS_QCI_CRONOGRAMA FF 27_08_2009 TIROS.xls

[12/01/2010 14:10|--a------|23040] - E:\ORGANIZAÇÃO PROCESSUAL.doc

[11/09/2009 14:07|--a------|46592] - E:\PAPEL TIMBRADO A4 TIROS 03_04_2009.doc

[09/09/2009 13:44|--a------|1556087] - E:\preco_setop_triangulo.pdf

[26/08/2009 17:50|--a------|185511] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÍVEL 26_8_2009.dwg

[14/10/2009 14:08|--ah-----|73] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÍVEL 26_8_2009.dwl

[14/10/2009 14:08|--ah-----|223] - E:\PREFEITURA DE TIROS - GERAL COM CURVAS DE NÍVEL 26_8_2009.dwl2

[13/11/2009 15:44|--a------|142336] - E:\PT_Asfalto_Tiros_09_09.doc

[27/08/2009 11:00|--a------|95232] - E:\RUAS ASFALTO sinalização-placa identificação ruas-rampas TIROS 27_08_2009.xls

[30/09/2009 14:45|--a------|84368] - E:\Ruas para Asfaltar - Tiros.dwg

[27/08/2009 16:08|--a------|778971] - E:\SINAPI JUL_09.pdf

[18/09/2009 10:18|--a------|776662] - E:\SINAPI_MG_AGO09.pdf

[13/01/2010 15:13|--a------|36972] - E:\TERMO DE ABERTURA PROCESSO.docx

[25/08/2009 15:06|--a------|30208] - E:\Tiros é um município do estado de Minas Gerais.doc

[18/11/2009 15:08|--a------|229376] - E:\Tutorial.doc

[22/02/2010 12:14|--a------|3439616] - E:\TRABALHO EM GRUPO.ppt

 

###################### | Listing of folders present on E:\ |

 

[29/01/2010 15:06|d--------|0] - E:\2

[29/01/2010 15:06|d--------|0] - E:\Codevasf

[29/01/2010 15:06|d--------|0] - E:\DER TOCANTINS ESTRADAS VICINAIS

[29/01/2010 15:06|d--------|0] - E:\FirefoxPortable

[24/02/2010 10:21|d--------|0] - E:\Jose leles

[29/01/2010 15:07|d--------|0] - E:\Imagens

[29/01/2010 15:09|d--------|0] - E:\Imprimir

[29/01/2010 15:09|d--------|0] - E:\Min. planejamento

[29/01/2010 15:09|d--------|0] - E:\Musica

[29/01/2010 15:09|d--------|0] - E:\Programas

[29/01/2010 15:11|d--------|0] - E:\Pró-Municípios

[29/01/2010 15:11|d--------|0] - E:\Scanner

[29/01/2010 15:11|d--------|0] - E:\SINAPI

[29/01/2010 15:12|d--------|0] - E:\Videosinhos

[29/01/2010 15:12|d--------|0] - E:\X Exposição Agr

[26/02/2010 09:46|d-ahs----|0] - E:\autorun.inf

[01/02/2010 09:38|d--------|0] - E:\Prest. conts SETOP

[26/02/2010 10:54|dr-hs----|0] - E:\RECYCLER

[05/02/2010 11:03|d--------|0] - E:\Fotos

 

################## | ! End of report # UsbFix V6.097 ! |

Step 2.

Copied, pasted, dragged, and here is the log:

ComboFix 10-02-25.02 - Projetos 01 26/02/2010 13:08:40.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.433 [GMT -3:00]

Running from: c:\documents and settings\Projetos 01\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Projetos 01\Desktop\CFScript.txt

AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\srchasst\nls302en.lex

 

.

(((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))

.

 

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 12:53 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 12:46 . 2010-02-26 12:46 452757 ----a-w- C:\UsbFix_Upload_Me_PROJETOS01.zip

2010-02-25 17:14 . 2010-02-26 16:03 -------- d-----w- C:\UsbFix

2010-02-25 15:24 . 2010-02-25 15:24 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Media Player Classic

2010-02-25 15:12 . 2010-02-25 15:12 -------- d-----w- c:\arquivos de programas\Flv Audio Video Extractor

2010-02-25 13:49 . 2010-02-25 15:32 -------- d-----w- C:\Hijack

2010-02-25 13:12 . 2010-02-25 13:13 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-02-24 12:02 . 2010-02-24 12:02 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-23 12:01 . 2010-02-23 12:02 -------- d-----w- C:\LinhaDefensiva

2010-02-22 18:19 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Ahead

2010-02-22 12:21 . 2010-02-22 12:21 -------- d-----w- c:\arquivos de programas\GPLGS

2010-02-22 12:19 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-02-22 12:19 . 2010-02-22 12:19 -------- d-----w- c:\arquivos de programas\Acro Software

2010-02-09 11:54 . 2010-02-09 11:54 -------- d-----w- c:\arquivos de programas\SIMBRASIL 3.03

2010-02-08 11:04 . 2010-02-08 11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-08 11:04 . 2010-02-08 11:04 152576 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-08 10:59 . 2010-02-08 10:59 79488 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-08 10:58 . 2010-02-25 12:02 -------- d-----w- c:\arquivos de programas\Unlocker

2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\arquivos de programas\Tekhnelogos

2010-02-04 12:11 . 2010-02-18 16:21 -------- d-----w- c:\arquivos de programas\Google

2010-02-03 11:44 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\cleanup.exe

2010-02-03 11:43 . 2008-05-02 12:41 3493888 ---ha-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\Launchpad Removal.exe

2010-02-03 11:43 . 2010-02-03 11:44 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3

2010-02-02 16:39 . 2010-02-02 16:39 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\AVG9

2010-02-02 14:49 . 2010-02-02 14:49 -------- d-----w- c:\windows\Sun

2010-02-02 14:29 . 2010-02-02 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:45 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:27 -------- d-----w- c:\arquivos de programas\IObit

2010-02-02 13:31 . 2008-04-13 21:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-02-02 13:31 . 2008-04-13 21:20 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-02 13:30 . 2010-02-25 11:58 -------- d-----w- c:\windows\system32\LogFiles

2010-02-02 13:30 . 2010-02-02 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-02-02 13:30 . 2006-09-25 19:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-02 13:22 . 2010-02-02 12:47 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2010-02-02 13:22 . 2010-02-02 12:47 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-02-02 13:22 . 2010-02-02 12:47 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-02-02 13:22 . 2010-02-02 12:47 613656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-02-02 13:09 . 2010-02-02 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-02 13:01 . 2010-02-02 13:01 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2010-02-02 13:00 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\AutoCAD 2007

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\mdimon.dll

2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-02 12:58 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Autodesk

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-02 12:56 . 2010-02-02 12:59 -------- d-----w- c:\windows\SHELLNEW

2010-02-02 12:56 . 2010-02-02 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----r- C:\MSOCache

2010-02-02 12:51 . 2010-02-25 18:44 -------- d-----w- c:\documents and settings\Projetos 01\Tracing

2010-02-02 12:50 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-02 12:49 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-02 12:48 . 2010-02-02 16:03 -------- d-----w- C:\$AVG

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-02-02 12:48 . 2010-02-02 12:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-02-02 12:48 . 2010-02-02 12:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-02-02 12:47 . 2010-02-02 12:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-02 12:47 . 2010-02-02 13:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-02-02 12:47 . 2010-02-26 12:01 -------- d-----w- c:\windows\system32\drivers\Avg

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\AVG

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-02 12:44 . 2010-02-03 11:41 -------- d-----w- c:\arquivos de programas\AutorunRemover

2010-02-02 12:42 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-02-02 12:40 . 2010-02-09 11:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\CHANGJIE

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\TCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\SCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\KOIME

2010-02-02 12:38 . 2010-02-02 12:38 -------- d-----w- c:\windows\LHSP

2010-02-02 12:36 . 2002-02-18 12:23 46352 ----a-w- c:\windows\setdebug.exe

2010-02-02 12:36 . 2002-02-18 12:22 171280 ----a-w- c:\windows\system32\jit.dll

2010-02-02 12:36 . 2002-02-18 12:22 139536 ----a-w- c:\windows\system32\javaee.dll

2010-02-02 12:36 . 2002-02-18 09:35 6550 ----a-w- c:\windows\jautoexp.dat

2010-02-02 12:36 . 2002-02-18 09:34 313856 ----a-w- c:\windows\system32\dx3j.dll

2010-02-02 12:33 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll

2010-02-02 12:33 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-02-02 12:33 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-02-02 12:33 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll

2010-02-02 12:33 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-02-02 12:33 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-02-02 12:21 . 2010-02-02 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2010-02-02 12:18 . 2010-02-02 12:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\DVD Shrink

2010-02-02 12:16 . 2007-01-09 00:17 27168 ------w- c:\windows\system32\msxml3a.dll

2010-02-02 12:16 . 2007-01-09 00:17 502816 ------w- c:\windows\system32\msvcp71.dll

2010-02-02 12:16 . 2007-01-09 00:17 351264 ------w- c:\windows\system32\msvcr71.dll

2010-02-02 12:16 . 2010-02-02 12:17 -------- d-----w- c:\arquivos de programas\CyberLink

2010-02-02 12:15 . 2010-02-08 11:04 -------- d-----w- c:\arquivos de programas\Java

2010-02-02 12:15 . 2010-02-02 12:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-02-02 12:15 . 2010-02-02 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Real

2010-02-02 12:11 . 2010-02-02 12:11 -------- d-----w- c:\windows\system32\Lang

2010-02-02 12:09 . 2008-08-24 19:22 14208 ----a-r- c:\windows\system32\drivers\nvsmu.sys

2010-02-02 12:09 . 2008-08-21 07:17 122880 ----a-r- c:\windows\system32\NVCOSMU.DLL

2010-02-02 12:09 . 2008-08-21 07:17 453152 ----a-w- c:\windows\system32\nvusmu.exe

2010-02-02 12:08 . 2010-02-02 12:08 -------- d-----w- c:\windows\nview

2010-02-02 12:08 . 2008-08-01 06:48 453152 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-r- c:\windows\system32\nvuninst.exe

2010-02-02 12:07 . 2008-08-20 10:35 122880 ----a-r- c:\windows\system32\NVCOSMB.DLL

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-w- c:\windows\system32\nvusmb.exe

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-25 12:00 . 2001-10-28 14:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-02-25 12:00 . 2001-10-28 14:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2010-02-18 16:21 . 2010-02-02 12:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-02 17:20 . 2010-02-02 12:35 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\LimeWire

2010-02-02 14:41 . 2010-02-02 12:35 -------- d-----w- c:\arquivos de programas\LimeWire

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgrsstx.dll

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\LHSP

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Positivo

2010-02-02 12:37 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-02-02 12:36 . 2010-02-02 12:36 2232 ----a-w- c:\windows\java\Packages\Data\53J7HVJR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 155995 ----a-w- c:\windows\java\Packages\XRFNX7F5.ZIP

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\HF9VTFVD.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\9B3VX3RX.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\CCJH353H.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\4KJRNPNR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\01JJX73V.DAT

2010-02-02 12:20 . 2010-02-02 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-02 12:10 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Realtek

2010-02-02 11:55 . 2010-02-02 11:55 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-02-02 11:54 . 2010-02-02 11:54 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-02-02 11:53 . 2010-02-02 11:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-02-02 11:52 . 2010-02-02 11:52 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

------- Sigcheck -------

 

[-] 2009-05-24 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.29.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-26 16:12 . 2010-02-26 16:12 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-02-02 180269]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-02-08 149280]

"AutorunRemover.exe"="c:\arquivos de programas\AutorunRemover\AutorunRemover.exe" [2010-02-02 488960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]

"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/2/2010 09:48 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/2/2010 09:47 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/2/2010 09:48 360584]

R2 avg9emc;AVG E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [2/2/2010 09:47 906520]

R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [2/2/2010 09:47 285392]

R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [26/2/2010 09:53 236368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/2/2010 09:53 19160]

S2 debuiriub;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]

S2 gupdate1caa593386fee70;Google Update Service (gupdate1caa593386fee70);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/2/2010 09:11 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2010 09:10 1684736]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

debuiriub

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {6DC2657B-8D53-4405-9553-2210BE598015} = 201.16.252.2

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Projetos 01\Dados de aplicativos\Mozilla\Firefox\Profiles\wf6bsv1z.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-26 13:13

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\debuiriub]

"ServiceDll"="c:\windows\system32\utgrxo.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(324)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\AVG\AVG9\avgam.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-26 13:15:35 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-26 16:15

ComboFix2.txt 2010-02-26 15:31

C:\DeQuarantine.txt

 

Pré-execução: 10 pasta(s) 125.008.371.712 bytes disponíveis

Pós execução: 11 pasta(s) 124.939.386.880 bytes disponíveis

 

- - End Of File - - C9F2C7A2FC5B398D224CA8F6DF3AB42B


Sorry, Jota Tiros... it's 6 you press in USBFix.

Let's go!

1.

*Double-click UsbFix

*Press P > [ENTER]

*Press 6 > [ENTER]

2.

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

 

File::

c:\windows\system32\utgrxo.dll

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\debuiriub]

NetSvc::

debuiriub

Driver::

debuiriub

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

CFScript.gif

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To interrupt the process, press N or 2.

*Paste the report created at C:\combofix.txt


No problem, Wings.

Step 1 done, UsbFix uninstalled.

Step 2 done: selected, copied, pasted, saved and dragged. ComboFix log:

 

ComboFix 10-02-25.02 - Projetos 01 26/02/2010 14:12:28.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.509 [GMT -3:00]

Executando de: c:\documents and settings\Projetos 01\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Projetos 01\Desktop\CFScript.txt

AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\system32\utgrxo.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\utgrxo.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DEBUIRIUB

-------\Service_debuiriub

-------\Service_gdtlhl

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))

.

 

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 12:53 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 12:46 . 2010-02-26 12:46 452757 ----a-w- C:\UsbFix_Upload_Me_PROJETOS01.zip

2010-02-25 17:14 . 2010-02-26 17:07 -------- d-----w- C:\UsbFix

2010-02-25 15:24 . 2010-02-25 15:24 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Media Player Classic

2010-02-25 15:12 . 2010-02-25 15:12 -------- d-----w- c:\arquivos de programas\Flv Audio Video Extractor

2010-02-25 13:49 . 2010-02-25 15:32 -------- d-----w- C:\Hijack

2010-02-25 13:12 . 2010-02-25 13:13 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-02-24 12:02 . 2010-02-24 12:02 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-23 12:01 . 2010-02-23 12:02 -------- d-----w- C:\LinhaDefensiva

2010-02-22 18:19 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Ahead

2010-02-22 12:21 . 2010-02-22 12:21 -------- d-----w- c:\arquivos de programas\GPLGS

2010-02-22 12:19 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-02-22 12:19 . 2010-02-22 12:19 -------- d-----w- c:\arquivos de programas\Acro Software

2010-02-09 11:54 . 2010-02-09 11:54 -------- d-----w- c:\arquivos de programas\SIMBRASIL 3.03

2010-02-08 11:04 . 2010-02-08 11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-08 11:04 . 2010-02-08 11:04 152576 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-08 10:59 . 2010-02-08 10:59 79488 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-08 10:58 . 2010-02-25 12:02 -------- d-----w- c:\arquivos de programas\Unlocker

2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\arquivos de programas\Tekhnelogos

2010-02-04 12:11 . 2010-02-18 16:21 -------- d-----w- c:\arquivos de programas\Google

2010-02-03 11:44 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\cleanup.exe

2010-02-03 11:43 . 2008-05-02 12:41 3493888 ---ha-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\Launchpad Removal.exe

2010-02-03 11:43 . 2010-02-03 11:44 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3

2010-02-02 16:39 . 2010-02-02 16:39 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\AVG9

2010-02-02 14:49 . 2010-02-02 14:49 -------- d-----w- c:\windows\Sun

2010-02-02 14:29 . 2010-02-02 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:45 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:27 -------- d-----w- c:\arquivos de programas\IObit

2010-02-02 13:31 . 2008-04-13 21:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-02-02 13:31 . 2008-04-13 21:20 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-02 13:30 . 2010-02-25 11:58 -------- d-----w- c:\windows\system32\LogFiles

2010-02-02 13:30 . 2010-02-02 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-02-02 13:30 . 2006-09-25 19:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-02 13:22 . 2010-02-02 12:47 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2010-02-02 13:22 . 2010-02-02 12:47 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-02-02 13:22 . 2010-02-02 12:47 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-02-02 13:22 . 2010-02-02 12:47 613656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-02-02 13:09 . 2010-02-02 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-02 13:01 . 2010-02-02 13:01 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2010-02-02 13:00 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\AutoCAD 2007

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\mdimon.dll

2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-02 12:58 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Autodesk

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-02 12:56 . 2010-02-02 12:59 -------- d-----w- c:\windows\SHELLNEW

2010-02-02 12:56 . 2010-02-02 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----r- C:\MSOCache

2010-02-02 12:51 . 2010-02-25 18:44 -------- d-----w- c:\documents and settings\Projetos 01\Tracing

2010-02-02 12:50 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-02 12:49 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-02 12:48 . 2010-02-02 16:03 -------- d-----w- C:\$AVG

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-02-02 12:48 . 2010-02-02 12:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-02-02 12:48 . 2010-02-02 12:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-02-02 12:47 . 2010-02-02 12:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-02 12:47 . 2010-02-02 13:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-02-02 12:47 . 2010-02-26 12:01 -------- d-----w- c:\windows\system32\drivers\Avg

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\AVG

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-02 12:44 . 2010-02-03 11:41 -------- d-----w- c:\arquivos de programas\AutorunRemover

2010-02-02 12:42 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-02-02 12:40 . 2010-02-09 11:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\CHANGJIE

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\TCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\SCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\KOIME

2010-02-02 12:38 . 2010-02-02 12:38 -------- d-----w- c:\windows\LHSP

2010-02-02 12:36 . 2002-02-18 12:23 46352 ----a-w- c:\windows\setdebug.exe

2010-02-02 12:36 . 2002-02-18 12:22 171280 ----a-w- c:\windows\system32\jit.dll

2010-02-02 12:36 . 2002-02-18 12:22 139536 ----a-w- c:\windows\system32\javaee.dll

2010-02-02 12:36 . 2002-02-18 09:35 6550 ----a-w- c:\windows\jautoexp.dat

2010-02-02 12:36 . 2002-02-18 09:34 313856 ----a-w- c:\windows\system32\dx3j.dll

2010-02-02 12:33 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll

2010-02-02 12:33 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-02-02 12:33 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-02-02 12:33 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll

2010-02-02 12:33 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-02-02 12:33 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-02-02 12:21 . 2010-02-02 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2010-02-02 12:18 . 2010-02-02 12:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\DVD Shrink

2010-02-02 12:16 . 2007-01-09 00:17 27168 ------w- c:\windows\system32\msxml3a.dll

2010-02-02 12:16 . 2007-01-09 00:17 502816 ------w- c:\windows\system32\msvcp71.dll

2010-02-02 12:16 . 2007-01-09 00:17 351264 ------w- c:\windows\system32\msvcr71.dll

2010-02-02 12:16 . 2010-02-02 12:17 -------- d-----w- c:\arquivos de programas\CyberLink

2010-02-02 12:15 . 2010-02-08 11:04 -------- d-----w- c:\arquivos de programas\Java

2010-02-02 12:15 . 2010-02-02 12:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-02-02 12:15 . 2010-02-02 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Real

2010-02-02 12:11 . 2010-02-02 12:11 -------- d-----w- c:\windows\system32\Lang

2010-02-02 12:09 . 2008-08-24 19:22 14208 ----a-r- c:\windows\system32\drivers\nvsmu.sys

2010-02-02 12:09 . 2008-08-21 07:17 122880 ----a-r- c:\windows\system32\NVCOSMU.DLL

2010-02-02 12:09 . 2008-08-21 07:17 453152 ----a-w- c:\windows\system32\nvusmu.exe

2010-02-02 12:08 . 2010-02-02 12:08 -------- d-----w- c:\windows\nview

2010-02-02 12:08 . 2008-08-01 06:48 453152 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-r- c:\windows\system32\nvuninst.exe

2010-02-02 12:07 . 2008-08-20 10:35 122880 ----a-r- c:\windows\system32\NVCOSMB.DLL

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-w- c:\windows\system32\nvusmb.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-25 12:00 . 2001-10-28 14:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-02-25 12:00 . 2001-10-28 14:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2010-02-18 16:21 . 2010-02-02 12:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-02 17:20 . 2010-02-02 12:35 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\LimeWire

2010-02-02 14:41 . 2010-02-02 12:35 -------- d-----w- c:\arquivos de programas\LimeWire

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgrsstx.dll

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\LHSP

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Positivo

2010-02-02 12:37 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-02-02 12:36 . 2010-02-02 12:36 2232 ----a-w- c:\windows\java\Packages\Data\53J7HVJR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 155995 ----a-w- c:\windows\java\Packages\XRFNX7F5.ZIP

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\HF9VTFVD.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\9B3VX3RX.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\CCJH353H.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\4KJRNPNR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\01JJX73V.DAT

2010-02-02 12:20 . 2010-02-02 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-02 12:10 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Realtek

2010-02-02 11:55 . 2010-02-02 11:55 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-02-02 11:54 . 2010-02-02 11:54 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-02-02 11:53 . 2010-02-02 11:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-02-02 11:52 . 2010-02-02 11:52 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

------- Sigcheck -------

 

[-] 2009-05-24 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.29.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-26 17:17 . 2010-02-26 17:17 16384 c:\windows\Temp\Perflib_Perfdata_15c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-02-02 180269]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-02-08 149280]

"AutorunRemover.exe"="c:\arquivos de programas\AutorunRemover\AutorunRemover.exe" [2010-02-02 488960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]

"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4990:TCP"= 4990:TCP:ccpvbyql

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/2/2010 09:48 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/2/2010 09:47 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/2/2010 09:48 360584]

R2 avg9emc;AVG E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [2/2/2010 09:47 906520]

R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [2/2/2010 09:47 285392]

R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [26/2/2010 09:53 236368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/2/2010 09:53 19160]

S2 gdtlhl;Server Config;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]

S2 gupdate1caa593386fee70;Google Update Service (gupdate1caa593386fee70);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/2/2010 09:11 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2010 09:10 1684736]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

gdtlhl

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {6DC2657B-8D53-4405-9553-2210BE598015} = 201.16.252.2

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Projetos 01\Dados de aplicativos\Mozilla\Firefox\Profiles\wf6bsv1z.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-26 14:18

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdtlhl]

"ServiceDll"="c:\windows\system32\utgrxo.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2820)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\AVG\AVG9\avgam.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-26 14:20:39 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-26 17:20

ComboFix2.txt 2010-02-26 16:15

ComboFix3.txt 2010-02-26 15:31

 

Pré-execução: 10 pasta(s) 125.145.534.464 bytes disponíveis

Pós execução: 11 pasta(s) 125.034.160.128 bytes disponíveis

 

- - End Of File - - 5983E516F83E642F13BBD47E3EB16433


*Open Notepad, then select, copy and paste into it the whole content of the code below:

 

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4990:TCP"=-

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

CFScript.gif

 

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To interrupt the process, press N or 2.

 

*Paste the report created at C:\combofix.txt


Wings,

Selected, copied, pasted, saved and dragged.

ComboFix log:

 

ComboFix 10-02-28.04 - Projetos 01 01/03/2010 9:57.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.572 [GMT -3:00]

Executando de: c:\documents and settings\Projetos 01\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Projetos 01\Desktop\CFScript.txt

AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-01 to 2010-03-01 ))))))))))))))))))))))))))))

.

 

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 12:53 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 12:46 . 2010-02-26 12:46 452757 ----a-w- C:\UsbFix_Upload_Me_PROJETOS01.zip

2010-02-25 17:14 . 2010-02-26 17:07 -------- d-----w- C:\UsbFix

2010-02-25 15:24 . 2010-02-25 15:24 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Media Player Classic

2010-02-25 15:12 . 2010-02-25 15:12 -------- d-----w- c:\arquivos de programas\Flv Audio Video Extractor

2010-02-25 13:49 . 2010-02-25 15:32 -------- d-----w- C:\Hijack

2010-02-25 13:12 . 2010-02-25 13:13 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-02-24 12:02 . 2010-02-24 12:02 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-23 12:01 . 2010-02-23 12:02 -------- d-----w- C:\LinhaDefensiva

2010-02-22 18:19 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Ahead

2010-02-22 12:21 . 2010-02-22 12:21 -------- d-----w- c:\arquivos de programas\GPLGS

2010-02-22 12:19 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-02-22 12:19 . 2010-02-22 12:19 -------- d-----w- c:\arquivos de programas\Acro Software

2010-02-09 11:54 . 2010-02-09 11:54 -------- d-----w- c:\arquivos de programas\SIMBRASIL 3.03

2010-02-08 11:04 . 2010-02-08 11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-08 11:04 . 2010-02-08 11:04 152576 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-08 10:59 . 2010-02-08 10:59 79488 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-08 10:58 . 2010-02-26 18:25 -------- d-----w- c:\arquivos de programas\Unlocker

2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\arquivos de programas\Tekhnelogos

2010-02-04 12:11 . 2010-02-18 16:21 -------- d-----w- c:\arquivos de programas\Google

2010-02-03 11:44 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\cleanup.exe

2010-02-03 11:43 . 2008-05-02 12:41 3493888 ---ha-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\Launchpad Removal.exe

2010-02-03 11:43 . 2010-02-03 11:44 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3

2010-02-02 16:39 . 2010-02-02 16:39 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\AVG9

2010-02-02 14:49 . 2010-02-02 14:49 -------- d-----w- c:\windows\Sun

2010-02-02 14:29 . 2010-02-02 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:45 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:27 -------- d-----w- c:\arquivos de programas\IObit

2010-02-02 13:31 . 2008-04-13 21:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-02-02 13:31 . 2008-04-13 21:20 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-02 13:30 . 2010-02-25 11:58 -------- d-----w- c:\windows\system32\LogFiles

2010-02-02 13:30 . 2010-02-02 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-02-02 13:30 . 2006-09-25 19:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-02 13:22 . 2010-02-02 12:47 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2010-02-02 13:22 . 2010-02-02 12:47 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-02-02 13:22 . 2010-02-02 12:47 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-02-02 13:22 . 2010-02-02 12:47 613656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-02-02 13:09 . 2010-02-02 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-02 13:01 . 2010-02-02 13:01 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2010-02-02 13:00 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\AutoCAD 2007

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\mdimon.dll

2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-02 12:58 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Autodesk

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-02 12:56 . 2010-02-02 12:59 -------- d-----w- c:\windows\SHELLNEW

2010-02-02 12:56 . 2010-02-02 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----r- C:\MSOCache

2010-02-02 12:51 . 2010-02-26 18:16 -------- d-----w- c:\documents and settings\Projetos 01\Tracing

2010-02-02 12:50 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-02 12:49 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-02 12:48 . 2010-02-02 16:03 -------- d-----w- C:\$AVG

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-02-02 12:48 . 2010-02-02 12:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-02-02 12:48 . 2010-02-02 12:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-02-02 12:47 . 2010-02-02 12:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-02-02 12:47 . 2010-02-02 13:37 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-02-02 12:47 . 2010-02-26 12:01 -------- d-----w- c:\windows\system32\drivers\Avg

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\AVG

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-02 12:44 . 2010-02-03 11:41 -------- d-----w- c:\arquivos de programas\AutorunRemover

2010-02-02 12:42 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-02-02 12:40 . 2010-02-09 11:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\CHANGJIE

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\TCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\SCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\KOIME

2010-02-02 12:38 . 2010-02-02 12:38 -------- d-----w- c:\windows\LHSP

2010-02-02 12:36 . 2002-02-18 12:23 46352 ----a-w- c:\windows\setdebug.exe

2010-02-02 12:36 . 2002-02-18 12:22 171280 ----a-w- c:\windows\system32\jit.dll

2010-02-02 12:36 . 2002-02-18 12:22 139536 ----a-w- c:\windows\system32\javaee.dll

2010-02-02 12:36 . 2002-02-18 09:35 6550 ----a-w- c:\windows\jautoexp.dat

2010-02-02 12:36 . 2002-02-18 09:34 313856 ----a-w- c:\windows\system32\dx3j.dll

2010-02-02 12:33 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll

2010-02-02 12:33 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-02-02 12:33 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-02-02 12:33 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll

2010-02-02 12:33 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-02-02 12:33 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-02-02 12:21 . 2010-02-02 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2010-02-02 12:18 . 2010-02-02 12:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\DVD Shrink

2010-02-02 12:16 . 2007-01-09 00:17 27168 ------w- c:\windows\system32\msxml3a.dll

2010-02-02 12:16 . 2007-01-09 00:17 502816 ------w- c:\windows\system32\msvcp71.dll

2010-02-02 12:16 . 2007-01-09 00:17 351264 ------w- c:\windows\system32\msvcr71.dll

2010-02-02 12:16 . 2010-02-02 12:17 -------- d-----w- c:\arquivos de programas\CyberLink

2010-02-02 12:15 . 2010-02-08 11:04 -------- d-----w- c:\arquivos de programas\Java

2010-02-02 12:15 . 2010-02-02 12:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-02-02 12:15 . 2010-02-02 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Real

2010-02-02 12:11 . 2010-02-02 12:11 -------- d-----w- c:\windows\system32\Lang

2010-02-02 12:09 . 2008-08-24 19:22 14208 ----a-r- c:\windows\system32\drivers\nvsmu.sys

2010-02-02 12:09 . 2008-08-21 07:17 122880 ----a-r- c:\windows\system32\NVCOSMU.DLL

2010-02-02 12:09 . 2008-08-21 07:17 453152 ----a-w- c:\windows\system32\nvusmu.exe

2010-02-02 12:08 . 2010-02-02 12:08 -------- d-----w- c:\windows\nview

2010-02-02 12:08 . 2008-08-01 06:48 453152 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-r- c:\windows\system32\nvuninst.exe

2010-02-02 12:07 . 2008-08-20 10:35 122880 ----a-r- c:\windows\system32\NVCOSMB.DLL

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-w- c:\windows\system32\nvusmb.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-25 12:00 . 2001-10-28 14:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2010-02-25 12:00 . 2001-10-28 14:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2010-02-18 16:21 . 2010-02-02 12:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-02 17:20 . 2010-02-02 12:35 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\LimeWire

2010-02-02 14:41 . 2010-02-02 12:35 -------- d-----w- c:\arquivos de programas\LimeWire

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgrsstx.dll

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\LHSP

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Positivo

2010-02-02 12:37 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-02-02 12:36 . 2010-02-02 12:36 2232 ----a-w- c:\windows\java\Packages\Data\53J7HVJR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 155995 ----a-w- c:\windows\java\Packages\XRFNX7F5.ZIP

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\HF9VTFVD.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\9B3VX3RX.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\CCJH353H.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\4KJRNPNR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\01JJX73V.DAT

2010-02-02 12:20 . 2010-02-02 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-02 12:10 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Realtek

2010-02-02 11:55 . 2010-02-02 11:55 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-02-02 11:54 . 2010-02-02 11:54 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-02-02 11:53 . 2010-02-02 11:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-02-02 11:52 . 2010-02-02 11:52 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2008-04-13 21:20 . 2008-04-13 21:20 164746 --sha-r- c:\windows\system32\utgrxo.dll

.

 

------- Sigcheck -------

 

[-] 2009-05-24 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-02-26_15.29.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-01 11:55 . 2010-03-01 11:55 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat

+ 2010-02-26 18:41 . 2010-02-26 18:41 22528 c:\windows\Installer\4d3708.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-02-02 180269]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-02-08 149280]

"AutorunRemover.exe"="c:\arquivos de programas\AutorunRemover\AutorunRemover.exe" [2010-02-02 488960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]

"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/2/2010 09:48 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/2/2010 09:47 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/2/2010 09:48 360584]

R2 avg9emc;AVG E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [2/2/2010 09:47 906520]

R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [2/2/2010 09:47 285392]

R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [26/2/2010 09:53 236368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/2/2010 09:53 19160]

S2 gdtlhl;Server Config;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]

S2 gupdate1caa593386fee70;Google Update Service (gupdate1caa593386fee70);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/2/2010 09:11 133104]

S2 noyoygfrj;Shell Update;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2010 09:10 1684736]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - GDTLHL

*NewlyCreated* - NOYOYGFRJ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

gdtlhl

noyoygfrj

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

 

2010-02-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Projetos 01.job

- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-02-26 19:07]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {6DC2657B-8D53-4405-9553-2210BE598015} = 201.16.252.2

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Projetos 01\Dados de aplicativos\Mozilla\Firefox\Profiles\wf6bsv1z.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.17\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-01 10:01

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdtlhl]

"ServiceDll"="c:\windows\system32\utgrxo.dll"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\noyoygfrj]

"ServiceDll"="c:\windows\system32\utgrxo.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1964)

c:\windows\system32\ieframe.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-03-01 10:02:37

ComboFix-quarantined-files.txt 2010-03-01 13:02

ComboFix2.txt 2010-02-26 17:20

ComboFix3.txt 2010-02-26 16:15

ComboFix4.txt 2010-02-26 15:31

 

Pré-execução: 9 pasta(s) 125.004.316.672 bytes disponíveis

Pós execução: 10 pasta(s) 124.971.409.408 bytes disponíveis

 

- - End Of File - - 6D7982CEB7577743EC0490DFF30ACF47

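The two things Wings acted on in this log (the svchost "netsvcs" services gdtlhl and noyoygfrj whose ServiceDll is the system+hidden utgrxo.dll, and the global firewall exception for port 4990/TCP) can be pulled out of a ComboFix log automatically. The script below is an added example, not part of this thread or of ComboFix; the KNOWN_NETSVCS list is an assumed subset of the stock XP netsvcs group, and the sample log is constructed from lines posted above.

```python
"""Triage helper for a ComboFix log: flags the Conficker-style persistence seen above.

Added example, not part of the forum thread or of ComboFix. It reads the log the way a
helper does by eye, looking for:
  * services started as "svchost.exe -k netsvcs" under a name not in the stock XP group
  * registry Services\\<name> blocks whose "ServiceDll" lives in system32
  * Find3M / created-file lines whose attribute mask marks the file system+hidden (--sha-r-)
  * GloballyOpenPorts keys for a high TCP port
"""
import re

# Stock members of the XP netsvcs svchost group (assumed list, trimmed to common names).
KNOWN_NETSVCS = {n.lower() for n in (
    "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc", "EventSystem",
    "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer",
    "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc", "NWCWorkstation",
    "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi",
    "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc",
)}

NETSVCS_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);.*svchost\.exe -k netsvcs", re.I)
SVCKEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]", re.I)
SVCDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"', re.I)
# <date> . <date> <size or dashes> <8-char attribute mask> <path>
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+([-a-z]{8})\s+(.+)$",
    re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"', re.I)
NEWSVC_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)")

# Constructed sample: lines copied from the ComboFix output and the CFScript posted in this
# thread (the port key comes from the CFScript; only the key, not the value, is parsed).
SAMPLE_LOG = r"""
2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2008-04-13 21:20 . 2008-04-13 21:20 164746 --sha-r- c:\windows\system32\utgrxo.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4990:TCP"=-
R2 avg9wd;AVG WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [2/2/2010 09:47 285392]
S2 gdtlhl;Server Config;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]
S2 noyoygfrj;Shell Update;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]
*NewlyCreated* - GDTLHL
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdtlhl]
"ServiceDll"="c:\windows\system32\utgrxo.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\noyoygfrj]
"ServiceDll"="c:\windows\system32\utgrxo.dll"
"""


def analyze(log_text):
    """Return the raw indicators found in a ComboFix log plus rated findings."""
    netsvcs, service_dlls, hidden_sys, ports, newly = {}, {}, [], [], []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := NETSVCS_RE.match(line)):
            netsvcs[m.group(1).strip()] = m.group(2).strip()
        elif (m := SVCKEY_RE.match(line)):
            current_key = m.group(1)
        elif line.startswith("["):
            current_key = None          # some other registry key: stop pairing ServiceDll
        elif (m := SVCDLL_RE.match(line)) and current_key:
            service_dlls[current_key] = m.group(1)
        elif (m := FIND3M_RE.match(line)):
            attrs, path = m.group(1).lower(), m.group(2).strip()
            # mask positions: d c s h a - r/w -; 's' and 'h' together on a system32 DLL
            if attrs[2] == "s" and attrs[3] == "h" and "\\system32\\" in path.lower():
                hidden_sys.append(path)
        elif (m := PORT_RE.match(line)):
            ports.append((int(m.group(1)), m.group(2).upper()))
        elif (m := NEWSVC_RE.match(line)):
            newly.append(m.group(1))

    findings = []
    hidden_lower = {p.lower() for p in hidden_sys}
    for name, display in netsvcs.items():
        if name.lower() in KNOWN_NETSVCS:
            continue                    # stock Windows service, nothing to report
        dll = service_dlls.get(name, "?")
        severity = "HIGH" if dll.lower() in hidden_lower else "MEDIUM"
        findings.append(f"{severity}: netsvcs service '{name}' ({display}) is not a stock "
                        f"member; ServiceDll={dll}")
    for path in hidden_sys:
        findings.append(f"HIGH: system+hidden DLL in system32: {path}")
    for port, proto in ports:
        if proto == "TCP" and port >= 1024:
            findings.append(f"MEDIUM: global firewall exception for high port {port}/{proto}")
    for name in newly:
        findings.append(f"INFO: service '{name}' appeared since the last ComboFix snapshot")
    return {"netsvcs_services": netsvcs, "service_dlls": service_dlls,
            "hidden_system_files": hidden_sys, "open_ports": ports,
            "newly_created": newly, "findings": findings}


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG)["findings"]:
        print(finding)
```

Feed it a full log with `analyze(open("combofix.txt", encoding="latin-1").read())`; anything rated HIGH is what a CFScript like the one above would remove.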

Result:

 

Possibly Infected by Conficker A/B variant

 

Result:

 

Possibly Infected by Conficker A/B variant

 

Result:

 

Possibly Infected by Conficker A/B variant


OK...

 

1.

*Download the KB958644 update and save it to the desktop

*Install it. If your Windows reports that the version already on your PC is newer, cancel the update installation and go on to the next step.

 

2.

*Download KK and save it to the desktop

*Extract its contents to C:\

*Temporarily disable your antivirus

*Click [Start] > [Run] > type C:\kk.exe -x -y -l conficker.txt -v

*Click OK and wait for the scan to finish. The program will close automatically.

*Paste the summary found at the end of the report created at C:\conficker.txt

 

Example:

11:35:54:609 2796 scanning Flash drives ...

11:35:54:625 2796

completed

11:35:54:625 2796 Infected jobs: 0

11:35:54:640 2796 Infected files: 2

11:35:54:640 2796 Infected threads: 2

11:35:54:640 2796 Spliced functions: 0

11:35:54:640 2796 Cured files: 2

11:35:54:640 2796 Fixed registry keys: 1

11:35:54:640 2796


Wings, as I understand it you only want the end of the report, since it is very long, right?

If that's it, here it is:

 

15:25:43:548 1868 scanning Flash drives ...

15:25:43:638 1868

completed

15:25:43:638 1868 Infected jobs: 0

15:25:43:638 1868 Infected files: 1

15:25:43:638 1868 Infected threads: 7

15:25:43:638 1868 Spliced functions: 7

15:25:43:638 1868 Cured files: 1

15:25:43:638 1868 Fixed registry keys: 6

15:25:43:638 1868


That's right...

 

1.

*Delete the files C:\KK.exe and C:\conficker.txt

 

2. Uninstall ComboFix

 

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 

92674490.jpg

 

*Click [Run]

*Wait until the message "ComboFix está desinstalado" appears

 

*Click [OK]

 

3.

*Download ComboFix again and paste a new report.


1 Deleted,

2 Uninstalled,

3 Downloaded and run.

Report:

 

ComboFix 10-03-01.03 - Projetos 01 02/03/2010 9:38.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.693 [GMT -3:00]

Executando de: c:\documents and settings\Projetos 01\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-02 to 2010-03-02 ))))))))))))))))))))))))))))

.

 

2010-03-02 12:23 . 2010-03-02 12:28 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\GetRightToGo

2010-03-01 15:37 . 2010-02-11 19:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-01 15:37 . 2010-02-11 19:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-01 15:37 . 2010-02-11 19:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-01 15:37 . 2010-02-11 19:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-01 15:37 . 2010-02-11 19:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-01 15:37 . 2010-02-11 19:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-01 15:37 . 2010-02-11 19:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-01 15:37 . 2010-02-11 19:53 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-03-01 15:37 . 2010-02-11 19:53 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-01 15:37 . 2010-03-01 15:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-03-01 15:37 . 2010-03-01 15:37 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-03-01 13:43 . 2010-03-02 12:40 -------- d-----w- C:\Scanner

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Malwarebytes

2010-02-26 12:53 . 2010-02-26 12:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-26 12:46 . 2010-02-26 12:46 452757 ----a-w- C:\UsbFix_Upload_Me_PROJETOS01.zip

2010-02-25 17:14 . 2010-02-26 17:07 -------- d-----w- C:\UsbFix

2010-02-25 15:24 . 2010-02-25 15:24 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Media Player Classic

2010-02-25 15:12 . 2010-02-25 15:12 -------- d-----w- c:\arquivos de programas\Flv Audio Video Extractor

2010-02-25 13:49 . 2010-02-25 15:32 -------- d-----w- C:\Hijack

2010-02-25 13:12 . 2010-02-25 13:13 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2010-02-24 12:02 . 2010-02-24 12:02 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-23 12:01 . 2010-02-23 12:02 -------- d-----w- C:\LinhaDefensiva

2010-02-22 18:19 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Ahead

2010-02-22 12:21 . 2010-02-22 12:21 -------- d-----w- c:\arquivos de programas\GPLGS

2010-02-22 12:19 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-02-22 12:19 . 2010-02-22 12:19 -------- d-----w- c:\arquivos de programas\Acro Software

2010-02-09 11:54 . 2010-02-09 11:54 -------- d-----w- c:\arquivos de programas\SIMBRASIL 3.03

2010-02-08 11:04 . 2010-02-08 11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-08 11:04 . 2010-02-08 11:04 152576 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-02-08 10:59 . 2010-02-08 10:59 79488 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-02-08 10:58 . 2010-02-26 18:25 -------- d-----w- c:\arquivos de programas\Unlocker

2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\arquivos de programas\Tekhnelogos

2010-02-04 12:11 . 2010-02-18 16:21 -------- d-----w- c:\arquivos de programas\Google

2010-02-03 11:44 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\cleanup.exe

2010-02-03 11:43 . 2008-05-02 12:41 3493888 ---ha-w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3\temp\Launchpad Removal.exe

2010-02-03 11:43 . 2010-02-03 11:44 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\U3

2010-02-02 16:39 . 2010-02-02 16:39 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\AVG9

2010-02-02 14:49 . 2010-02-02 14:49 -------- d-----w- c:\windows\Sun

2010-02-02 14:29 . 2010-02-02 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:45 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\IObit

2010-02-02 14:27 . 2010-02-02 14:27 -------- d-----w- c:\arquivos de programas\IObit

2010-02-02 13:31 . 2008-04-13 21:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-02-02 13:31 . 2008-04-13 21:20 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-02 13:30 . 2010-02-25 11:58 -------- d-----w- c:\windows\system32\LogFiles

2010-02-02 13:30 . 2010-02-02 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-02-02 13:30 . 2006-09-25 19:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-02 13:22 . 2010-02-02 12:47 877848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2010-02-02 13:22 . 2010-02-02 12:47 1657112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-02-02 13:22 . 2010-02-02 12:47 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-02-02 13:22 . 2010-02-02 12:47 613656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-02-02 13:09 . 2010-02-02 13:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-02 13:01 . 2010-02-02 13:01 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2010-02-02 13:00 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\AutoCAD 2007

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2010-02-02 13:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2010-02-02 13:00 . 2006-10-26 21:58 30512 ----a-w- c:\windows\system32\mdimon.dll

2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-02 12:58 . 2010-02-02 13:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Autodesk

2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-02 12:56 . 2010-02-02 12:59 -------- d-----w- c:\windows\SHELLNEW

2010-02-02 12:56 . 2010-02-02 13:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-02 12:56 . 2010-02-02 12:56 -------- d-----r- C:\MSOCache

2010-02-02 12:51 . 2010-02-26 18:16 -------- d-----w- c:\documents and settings\Projetos 01\Tracing

2010-02-02 12:50 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-02 12:49 . 2010-02-02 12:49 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-02 12:49 . 2010-02-02 12:50 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-02 12:47 . 2010-03-01 15:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\AVG

2010-02-02 12:47 . 2010-02-02 12:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-02 12:44 . 2010-02-03 11:41 -------- d-----w- c:\arquivos de programas\AutorunRemover

2010-02-02 12:42 . 2008-04-13 13:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-02-02 12:40 . 2010-02-09 11:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\CHANGJIE

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\TCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\SCIME

2010-02-02 12:39 . 2010-02-02 12:39 -------- d-----w- c:\arquivos de programas\KOIME

2010-02-02 12:38 . 2010-02-02 12:38 -------- d-----w- c:\windows\LHSP

2010-02-02 12:36 . 2002-02-18 12:23 46352 ----a-w- c:\windows\setdebug.exe

2010-02-02 12:36 . 2002-02-18 12:22 171280 ----a-w- c:\windows\system32\jit.dll

2010-02-02 12:36 . 2002-02-18 12:22 139536 ----a-w- c:\windows\system32\javaee.dll

2010-02-02 12:36 . 2002-02-18 09:35 6550 ----a-w- c:\windows\jautoexp.dat

2010-02-02 12:36 . 2002-02-18 09:34 313856 ----a-w- c:\windows\system32\dx3j.dll

2010-02-02 12:33 . 2008-08-01 03:36 54784 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:35 200704 ----a-r- c:\windows\system32\fdco1.dll

2010-02-02 12:33 . 2008-07-07 17:45 4984 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-02-02 12:33 . 2008-07-29 05:33 446464 ----a-w- c:\windows\system32\nvunrm.exe

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-02-02 12:33 . 2008-08-01 03:34 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-02-02 12:33 . 2008-07-29 05:33 122880 ----a-r- c:\windows\system32\nvconrm.dll

2010-02-02 12:33 . 2008-08-01 03:36 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-02-02 12:33 . 2008-08-01 03:35 955520 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-02-02 12:21 . 2010-02-02 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead

2010-02-02 12:18 . 2010-02-02 12:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\Nero

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-02-02 12:18 . 2010-02-02 12:18 -------- d-----w- c:\arquivos de programas\DVD Shrink

2010-02-02 12:16 . 2007-01-09 00:17 27168 ------w- c:\windows\system32\msxml3a.dll

2010-02-02 12:16 . 2007-01-09 00:17 502816 ------w- c:\windows\system32\msvcp71.dll

2010-02-02 12:16 . 2007-01-09 00:17 351264 ------w- c:\windows\system32\msvcr71.dll

2010-02-02 12:16 . 2010-02-02 12:17 -------- d-----w- c:\arquivos de programas\CyberLink

2010-02-02 12:15 . 2010-02-08 11:04 -------- d-----w- c:\arquivos de programas\Java

2010-02-02 12:15 . 2010-02-02 12:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-02-02 12:15 . 2010-02-02 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-02-02 12:14 . 2010-02-02 12:14 -------- d-----w- c:\arquivos de programas\Real

2010-02-02 12:11 . 2010-02-02 12:11 -------- d-----w- c:\windows\system32\Lang

2010-02-02 12:09 . 2008-08-24 19:22 14208 ----a-r- c:\windows\system32\drivers\nvsmu.sys

2010-02-02 12:09 . 2008-08-21 07:17 122880 ----a-r- c:\windows\system32\NVCOSMU.DLL

2010-02-02 12:09 . 2008-08-21 07:17 453152 ----a-w- c:\windows\system32\nvusmu.exe

2010-02-02 12:08 . 2010-02-02 12:08 -------- d-----w- c:\windows\nview

2010-02-02 12:08 . 2008-08-01 06:48 453152 ----a-w- c:\windows\system32\nvudisp.exe

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-r- c:\windows\system32\nvuninst.exe

2010-02-02 12:07 . 2008-08-20 10:35 122880 ----a-r- c:\windows\system32\NVCOSMB.DLL

2010-02-02 12:07 . 2008-08-20 10:35 453152 ----a-w- c:\windows\system32\nvusmb.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-01 18:20 . 2001-10-28 14:07 67232 ----a-w- c:\windows\system32\perfc016.dat

2010-03-01 18:20 . 2001-10-28 14:07 425072 ----a-w- c:\windows\system32\perfh016.dat

2010-02-18 16:21 . 2010-02-02 12:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-02 17:20 . 2010-02-02 12:35 -------- d-----w- c:\documents and settings\Projetos 01\Dados de aplicativos\LimeWire

2010-02-02 14:41 . 2010-02-02 12:35 -------- d-----w- c:\arquivos de programas\LimeWire

2010-02-02 12:48 . 2010-02-02 13:37 12464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgrsstx.dll

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\LHSP

2010-02-02 12:37 . 2010-02-02 12:37 -------- d-----w- c:\arquivos de programas\Positivo

2010-02-02 12:37 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-02-02 12:36 . 2010-02-02 12:36 2232 ----a-w- c:\windows\java\Packages\Data\53J7HVJR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 155995 ----a-w- c:\windows\java\Packages\XRFNX7F5.ZIP

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\HF9VTFVD.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\9B3VX3RX.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\CCJH353H.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\4KJRNPNR.DAT

2010-02-02 12:36 . 2010-02-02 12:36 2678 ----a-w- c:\windows\java\Packages\Data\01JJX73V.DAT

2010-02-02 12:20 . 2010-02-02 11:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-02 12:10 . 2010-02-02 12:10 -------- d-----w- c:\arquivos de programas\Realtek

2010-02-02 11:55 . 2010-02-02 11:55 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-02-02 11:54 . 2010-02-02 11:54 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-02-02 11:53 . 2010-02-02 11:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-02-02 11:52 . 2010-02-02 11:52 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

------- Sigcheck -------

 

[-] 2009-05-24 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-02-02 180269]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-02-08 149280]

"AutorunRemover.exe"="c:\arquivos de programas\AutorunRemover\AutorunRemover.exe" [2010-02-02 488960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4990:TCP"= 4990:TCP:ccpvbyql

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/3/2010 12:37 162512]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/3/2010 12:37 19024]

S2 gupdate1caa593386fee70;Google Update Service (gupdate1caa593386fee70);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/2/2010 09:11 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/2/2010 09:10 1684736]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

 

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 12:11]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {6DC2657B-8D53-4405-9553-2210BE598015} = 201.16.252.2

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Projetos 01\Dados de aplicativos\Mozilla\Firefox\Profiles\wf6bsv1z.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.17\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-02 09:42

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2936)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-03-02 09:43:25

ComboFix-quarantined-files.txt 2010-03-02 12:43

ComboFix2.txt 2010-03-01 13:02

 

Pré-execução: 9 pasta(s) 124.815.618.048 bytes disponíveis

Pós execução: 10 pasta(s) 124.831.707.136 bytes disponíveis

 

- - End Of File - - 0D80261E610028926318B9EC7ABBDF9E


*Open Notepad, select, copy and paste into it all of the contents of the code below:

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4990:TCP"=-

*Save the file to the desktop as CFScript.txt

*Drag the file onto Combofix as shown in the illustration below:

CFScript.gif

*Important: while Combofix is running, do not use the mouse or the keyboard!! To interrupt the process, press N or 2.

*Paste the report created at C:\combofix.txt
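The value the reply above deletes, `"4990:TCP"= 4990:TCP:ccpvbyql`, stands out in the ComboFix log for two reasons: its label is a run of consonants that no installer would choose, and the value is shorter than the Port:Protocol:Scope:Enabled:Name layout Windows XP writes for firewall exceptions. The Python script below is an added example, not part of this thread and not ComboFix's own code. It parses the firewall policy sections in the layout ComboFix prints them, flags GloballyOpenPorts entries that are short-form or carry a machine-looking label, and prints the `Registry::` stanza with the `"name"=-` deletion syntax used in the reply. The sample log is constructed: the 4990:TCP line mirrors the one in the thread, while the two entries it sits next to and the vowel-ratio heuristic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input (not copied from a real machine): the two Windows
# Firewall policy lists in the layout ComboFix uses for registry load points.
# The 4990:TCP entry mirrors the thread; the other entries are assumed
# legitimate and exist only to give the filter something to keep.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4990:TCP"= 4990:TCP:ccpvbyql
"3389:TCP"= 3389:TCP:*:Enabled:Remote Desktop
"139:TCP"= 139:TCP:LocalSubNet:Enabled:File and Printer Sharing
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"= value' lines under the [key] header that precedes them."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, {})
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Assumed heuristic for generated names: one run of lowercase letters with
    almost no vowels. 'ccpvbyql' trips it; 'Remote Desktop' does not."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    return vowel_ratio < 0.25


@dataclass
class Finding:
    key: str
    value_name: str
    value: str
    reasons: List[str]


def audit_open_ports(sections: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag GloballyOpenPorts values that are short-form or oddly labelled."""
    findings: List[Finding] = []
    for key, entries in sections.items():
        if not key.lower().endswith(r"globallyopenports\list"):
            continue
        for value_name, value in entries.items():
            fields = value.split(":")
            reasons = []
            # Windows XP SP2+ writes Port:Protocol:Scope:Enabled|Disabled:Name.
            if len(fields) < 5:
                reasons.append(f"non-standard format ({len(fields)} fields, expected 5)")
            label = fields[-1] if fields else ""
            if looks_random(label):
                reasons.append(f"label {label!r} looks machine-generated")
            if reasons:
                findings.append(Finding(key, value_name, value, reasons))
    return findings


def cfscript_for(findings: List[Finding]) -> str:
    """Emit the Registry:: stanza ComboFix accepts; '"name"=-' deletes the value."""
    by_key: Dict[str, List[str]] = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.value_name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit_open_ports(parse_sections(SAMPLE_LOG))
    for f in found:
        print(f"{f.value_name}: {f.value}  <- {'; '.join(f.reasons)}")
    print(cfscript_for(found))
```

Run against the constructed sample, only the 4990:TCP entry is reported, and the generated stanza is the same one the reply asks the poster to save as CFScript.txt; a value that merely lacks the Scope and Enabled fields is still reported, so the script errs toward review rather than silence.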
