bonetatoo

MSN virus removal (HijackThis result)


Hi guys, I created a topic about my problem with an MSN virus that won't go away no matter what. I've already used every removal tool possible, and they asked me to post the HijackThis log here, so here it is:

Logfile of HijackThis v1.99.1

Scan saved at 01:05:50, on 30/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\xBone\NOVAS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\bony\kwa.exe \o

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Arquivos de programas\Video ActiveX Access\iesbpl.dll (file missing)

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\AOL_security_toolbar.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [mhuvt] C:\WINDOWS\system32\mhuvt.exe \j

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)


Hello,

Follow the instructions in the link below and install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you also install the Recovery Console.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; that can cause the PC to freeze.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer. The tool should only be used under the supervision of malware removal helpers.


Hi Lusitano, I read the ComboFix tutorial link and understood exactly what to do. You can count on me, man, I'll follow your instructions to the letter. I'll do it today when I get home from work (00:00) and post the results of everything in the morning for you to evaluate, OK?

Big hug, and thanks in advance for the help.


Hi Lusitano, as per your instructions, here are the ComboFix and HijackThis logs

COMBOFIX LOG:

ComboFix 08-09-28.05 - bony 2008-10-02 0:47:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.197 [GMT -3:00]

Executando de: C:\Documents and Settings\bony\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\bony\Desktop\WinXP_BR_PRO_BF.EXE

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Need2Find

C:\Arquivos de programas\Need2Find\bar\2.bin\N2FFXTBR.JAR

C:\Arquivos de programas\Need2Find\bar\2.bin\N2NTSTBR.JAR

C:\Arquivos de programas\Need2Find\bar\2.bin\PARTNER.DAT

C:\Arquivos de programas\Need2Find\bar\Cache\02026906

C:\Arquivos de programas\Need2Find\bar\Cache\02026E84

C:\Arquivos de programas\Need2Find\bar\Cache\files.ini

C:\Arquivos de programas\Need2Find\bar\History\search

C:\Arquivos de programas\Need2Find\bar\Settings\prevcfg.htm

C:\Documents and Settings\bony\Cookies\bony@etology[1].txt

C:\Documents and Settings\bony\Cookies\bony@web2.checkm8[2].txt

C:\Documents and Settings\bony\Cookies\bony@www.clubedaputariabr[2].txt

C:\WINDOWS\system32\autoconvv.RRI

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\ImageUploader3.inf

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\ImageUploader3.ocx

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MessengerStatsPAClient.dll

C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\msgrchkr.dll

C:\WINDOWS\system32AntiDelete

.

((((((((((((((((((((((( Ficheiros criados de 2008-09-02 to 2008-10-02 ))))))))))))))))))))))))))))))))

.

2008-09-25 13:22 . 2008-09-25 13:22 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-09-25 11:08 . 2008-09-25 11:08 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-09-25 11:08 . 2008-09-25 11:08 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-09-25 01:04 . 2008-09-25 01:09 <DIR> d-------- C:\Arquivos de programas\MYMA Decoder and Viewer

2008-09-25 00:42 . 2008-09-25 13:11 <DIR> d-------- C:\MSNCleaner

2008-09-24 21:32 . 2008-09-23 18:12 19,968 --a------ C:\WINDOWS\system32\mhuvt.exe

2008-09-24 21:32 . 2008-09-23 18:12 19,968 ---h----- C:\Documents and Settings\bony\kwa.exe

2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\Documents and Settings\bony\Dados de aplicativos\Desktopicon

2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\Arquivos de programas\Unlocker

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-01 12:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-01 12:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-01 04:53 --------- d-----w C:\Documents and Settings\bony\Dados de aplicativos\Free Download Manager

2008-09-27 16:10 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2008-09-10 00:46 --------- d-----w C:\Arquivos de programas\DreMule

2008-08-30 01:30 --------- d-----w C:\Arquivos de programas\FolderAccess

2008-08-26 14:33 16,384 ----a-w C:\WINDOWS\~DFD7EC.tmp

2008-08-25 14:19 16,384 ----a-w C:\WINDOWS\~DFD7E0.tmp

2008-08-24 13:01 16,384 ----a-w C:\WINDOWS\~DFD7BA.tmp

2008-08-23 18:43 16,384 ----a-w C:\WINDOWS\~DFD68D.tmp

2008-08-23 14:17 16,384 ----a-w C:\WINDOWS\~DFD5DF.tmp

2008-08-22 13:39 16,384 ----a-w C:\WINDOWS\~DFD654.tmp

2008-08-21 13:34 16,384 ----a-w C:\WINDOWS\~DFD7C6.tmp

2008-08-20 13:53 16,384 ----a-w C:\WINDOWS\~DFD5D6.tmp

2008-08-19 12:11 16,384 ----a-w C:\WINDOWS\~DFD62B.tmp

2008-08-19 01:02 16,384 ----a-w C:\WINDOWS\~DFD647.tmp

2008-08-19 00:10 16,384 ----a-w C:\WINDOWS\~DFD54B.tmp

2008-08-18 12:11 16,384 ----a-w C:\WINDOWS\~DFDB72.tmp

2008-08-17 14:17 16,384 ----a-w C:\WINDOWS\~DFD63B.tmp

2008-08-16 11:24 16,384 ----a-w C:\WINDOWS\~DFD631.tmp

2008-08-15 14:48 16,384 ----a-w C:\WINDOWS\~DFD7B9.tmp

2008-08-15 07:46 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-08-14 14:09 16,384 ----a-w C:\WINDOWS\~DFD7F7.tmp

2008-08-13 15:09 16,384 ----a-w C:\WINDOWS\~DFD931.tmp

2008-08-12 15:31 --------- d-----w C:\Arquivos de programas\HP

2008-08-12 15:31 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-08-12 15:22 16,384 ----a-w C:\WINDOWS\~DFD7B6.tmp

2008-08-11 12:38 16,384 ----a-w C:\WINDOWS\~DFD7B8.tmp

2008-08-10 16:19 16,384 ----a-w C:\WINDOWS\~DFD7F4.tmp

2008-08-09 14:06 16,384 ----a-w C:\WINDOWS\~DFD7F5.tmp

2008-08-08 13:34 16,384 ----a-w C:\WINDOWS\~DFD7CB.tmp

2008-08-07 13:17 16,384 ----a-w C:\WINDOWS\~DFD7CE.tmp

2008-08-06 13:20 16,384 ----a-w C:\WINDOWS\~DFD7D4.tmp

2008-08-06 04:21 304,182 ----a-w C:\StiImg.dat

2008-08-05 13:03 16,384 ----a-w C:\WINDOWS\~DFD7A0.tmp

2008-08-04 13:20 16,384 ----a-w C:\WINDOWS\~DFD7BF.tmp

2008-08-03 15:10 16,384 ----a-w C:\WINDOWS\~DFD63C.tmp

2008-08-03 03:19 16,384 ----a-w C:\WINDOWS\~DFD7A3.tmp

2008-08-02 15:09 16,384 ----a-w C:\WINDOWS\~DFD7BD.tmp

2008-08-02 05:18 16,384 ----a-w C:\WINDOWS\~DFD792.tmp

2008-08-01 18:07 16,384 ----a-w C:\WINDOWS\~DFD7BC.tmp

2008-08-01 12:23 16,384 ----a-w C:\WINDOWS\~DFD4CE.tmp

2008-07-31 15:43 16,384 ----a-w C:\WINDOWS\~DFE6AD.tmp

2008-07-31 13:42 16,384 ----a-w C:\WINDOWS\~DFD7DC.tmp

2008-07-30 13:11 16,384 ----a-w C:\WINDOWS\~DFD71D.tmp

2008-07-29 13:36 16,384 ----a-w C:\WINDOWS\~DFD77F.tmp

2008-07-28 16:42 16,384 ----a-w C:\WINDOWS\~DFD785.tmp

2008-07-27 22:06 16,384 ----a-w C:\WINDOWS\~DFD7D7.tmp

2008-07-25 23:39 16,384 ----a-w C:\WINDOWS\~DFD783.tmp

2008-07-25 15:39 16,384 ----a-w C:\WINDOWS\~DFD59F.tmp

2008-07-24 16:02 16,384 ----a-w C:\WINDOWS\~DFDC6C.tmp

2008-07-24 15:15 16,384 ----a-w C:\WINDOWS\~DFD6CD.tmp

2008-07-24 13:37 16,384 ----a-w C:\WINDOWS\~DFD798.tmp

2008-07-23 11:49 16,384 ----a-w C:\WINDOWS\~DFD726.tmp

2008-07-22 17:52 23 ----a-w C:\Documents and Settings\bony\jagex_runescape_preferences.dat

2008-07-22 13:25 16,384 ----a-w C:\WINDOWS\~DFD5F5.tmp

2008-07-21 13:36 16,384 ----a-w C:\WINDOWS\~DFD7AB.tmp

2008-07-20 12:34 16,384 ----a-w C:\WINDOWS\~DFD717.tmp

2008-07-19 13:51 16,384 ----a-w C:\WINDOWS\~DFD750.tmp

2008-07-19 03:24 16,384 ----a-w C:\WINDOWS\~DFD71C.tmp

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 14:24 16,384 ----a-w C:\WINDOWS\~DFD5A7.tmp

2008-07-18 03:23 16,384 ----a-w C:\WINDOWS\~DFD744.tmp

2008-07-17 13:37 16,384 ----a-w C:\WINDOWS\~DFD786.tmp

2008-07-16 19:20 16,384 ----a-w C:\WINDOWS\~DFD752.tmp

2008-07-16 13:09 16,384 ----a-w C:\WINDOWS\~DFD5F3.tmp

2008-07-16 03:24 16,384 ----a-w C:\WINDOWS\~DFD5F1.tmp

2008-07-15 13:40 16,384 ----a-w C:\WINDOWS\~DFD712.tmp

2008-07-15 03:22 16,384 ----a-w C:\WINDOWS\~DFD728.tmp

2008-07-14 14:48 16,384 ----a-w C:\WINDOWS\~DFD76F.tmp

2008-07-13 14:26 16,384 ----a-w C:\WINDOWS\~DFD7C0.tmp

2008-07-12 12:44 16,384 ----a-w C:\WINDOWS\~DFD738.tmp

2008-07-12 01:10 16,384 ----a-w C:\WINDOWS\~DFD758.tmp

2008-07-11 14:16 16,384 ----a-w C:\WINDOWS\~DFD75A.tmp

2008-07-11 03:23 16,384 ----a-w C:\WINDOWS\~DFD71B.tmp

2008-07-10 13:05 16,384 ----a-w C:\WINDOWS\~DFD7AD.tmp

2008-07-10 03:22 16,384 ----a-w C:\WINDOWS\~DFD78E.tmp

2008-07-09 14:09 16,384 ----a-w C:\WINDOWS\~DFD71F.tmp

2008-07-09 04:07 5,632 --sha-w C:\Arquivos de programas\Thumbs.db

2008-07-09 03:21 16,384 ----a-w C:\WINDOWS\~DFD7F9.tmp

2008-07-08 15:37 16,384 ----a-w C:\WINDOWS\~DFD778.tmp

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll

2008-07-07 12:11 16,384 ----a-w C:\WINDOWS\~DFD764.tmp

2008-07-06 20:01 16,384 ----a-w C:\WINDOWS\~DFE452.tmp

2008-07-06 14:51 16,384 ----a-w C:\WINDOWS\~DFD5AF.tmp

2008-07-05 13:02 16,384 ----a-w C:\WINDOWS\~DFD5AC.tmp

2008-07-05 03:21 16,384 ----a-w C:\WINDOWS\~DFD56E.tmp

2008-07-04 14:08 16,384 ----a-w C:\WINDOWS\~DFD44B.tmp

2008-07-04 03:21 16,384 ----a-w C:\WINDOWS\~DFD21D.tmp

2008-07-03 13:04 16,384 ----a-w C:\WINDOWS\~DFD5C8.tmp

2008-07-03 03:59 16,384 ----a-w C:\WINDOWS\~DFD530.tmp

2008-07-03 03:43 16,384 ----a-w C:\WINDOWS\~DFD3CF.tmp

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"H/PC Connection Agent"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-07-05 180269]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"mhuvt"="C:\WINDOWS\system32\mhuvt.exe" [2008-09-23 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Reboot.exe [2004-10-01 334336]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-11 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2006-10-19 09:12 258048 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Reboot.exe]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Reboot.exe

backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bony^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

path=C:\Documents and Settings\bony\Menu Iniciar\Programas\Inicializar\MSN Pictures Displayer.lnk

backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Arquivos de programas\VIA\RAID\raid_t [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 06:25 6731312 C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-09-18 11:16 171464 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 19:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2005-01-28 05:17 1381376 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 03:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-07-05 18:52 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2005-11-15 16:31 33792 C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

-ra------ 2001-10-22 17:24 1216512 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

-ra------ 2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Documents and Settings\\bony\\kwa.exe"=

"C:\\WINDOWS\\system32\\mhuvt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

HKLM-Run-AVG7_CC - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

HKLM-Run-Adobe Photo Downloader - C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-AdVantage - C:\Arquivos de programas\AdVantage\AdVantage.exe

MSConfigStartUp-DownloadAccelerator - C:\Arquivos de programas\DAP\DAP.EXE

MSConfigStartUp-PC Suite Tray - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

MSConfigStartUp-swg - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-VirusProtectPro 3 - C:\Arquivos de programas\VirusProtectPro 3.3\VirusProtectPro 3.3.exe

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.terra.com.br/

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 -: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 -: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 -: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 -: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 -: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-02 00:52:09

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

.

Tempo para conclusão: 2008-10-02 0:56:54

ComboFix-quarantined-files.txt 2008-10-02 03:56:46

Pre-Run: 12 pasta(s) 30.777.946.112 bytes disponíveis

Post-Run: 16 pasta(s) 31,337,099,264 bytes disponíveis

WinXP_BR_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

301 --- E O F --- 2008-09-11 05:32:51

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1

Scan saved at 00:58:50, on 2/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\xBone\NOVAS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\AOL_security_toolbar.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [mhuvt] C:\WINDOWS\system32\mhuvt.exe \j

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)


Hello

Visit this site:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

  • In the box "Link to topic where this file was requested:", copy and paste the link to this topic:
    http://forum.clubedohardware.com.br/remocao-virus-msn/584956
  • In the box "Browse to the file you want to submit:", enter:
    C:\WINDOWS\system32\mhuvt.exe
    Click the Browse... button.
  • In the box "Leave any comments, further information about this file, or contact information:", enter:
    Lusitano request
  • Click the Send File button.
  • Repeat the procedure and also submit these files:
    C:\Documents and Settings\bony\kwa.exe

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window, click OK and then Exit.

Note: If you use Firefox:

  • At the top, click Firefox and choose: Select All
  • Then click Empty Selected.

Note: If you use Opera:

  • At the top, click Opera and choose: Select All
  • Then click Empty Selected.

Very important note: Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

File::
C:\WINDOWS\system32\mhuvt.exe
C:\Documents and Settings\bony\kwa.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mhuvt"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\bony\\kwa.exe"=-
"C:\\WINDOWS\\system32\\mhuvt.exe"=-

  • Save this file as: CFScript.txt
    [Image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe.
  • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
  • Also produce a new HijackThis log to include in your reply.


Hello, dear friend Lusitano. I followed your instructions above carefully, and the result follows below:

COMBOFIX:

ComboFix 08-10-02.04 - bony 2008-10-03 1:39:49.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.142 [GMT -3:00]

Executando de: C:\Documents and Settings\bony\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\bony\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\Documents and Settings\bony\kwa.exe

C:\WINDOWS\system32\mhuvt.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\bony\kwa.exe

C:\WINDOWS\system32\mhuvt.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))))

.

2008-09-25 13:22 . 2008-09-25 13:22 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-09-25 11:08 . 2008-09-25 11:08 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-09-25 11:08 . 2008-09-25 11:08 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-09-25 01:04 . 2008-09-25 01:09 <DIR> d-------- C:\Arquivos de programas\MYMA Decoder and Viewer

2008-09-25 00:42 . 2008-09-25 13:11 <DIR> d-------- C:\MSNCleaner

2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\Documents and Settings\bony\Dados de aplicativos\Desktopicon

2008-09-23 11:33 . 2008-09-23 11:33 <DIR> d-------- C:\Arquivos de programas\Unlocker

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-01 12:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-01 12:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-01 04:53 --------- d-----w C:\Documents and Settings\bony\Dados de aplicativos\Free Download Manager

2008-09-27 16:10 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2008-09-10 00:46 --------- d-----w C:\Arquivos de programas\DreMule

2008-08-30 01:30 --------- d-----w C:\Arquivos de programas\FolderAccess

2008-08-26 14:33 16,384 ----a-w C:\WINDOWS\~DFD7EC.tmp

2008-08-25 14:19 16,384 ----a-w C:\WINDOWS\~DFD7E0.tmp

2008-08-24 13:01 16,384 ----a-w C:\WINDOWS\~DFD7BA.tmp

2008-08-23 18:43 16,384 ----a-w C:\WINDOWS\~DFD68D.tmp

2008-08-23 14:17 16,384 ----a-w C:\WINDOWS\~DFD5DF.tmp

2008-08-22 13:39 16,384 ----a-w C:\WINDOWS\~DFD654.tmp

2008-08-21 13:34 16,384 ----a-w C:\WINDOWS\~DFD7C6.tmp

2008-08-20 13:53 16,384 ----a-w C:\WINDOWS\~DFD5D6.tmp

2008-08-19 12:11 16,384 ----a-w C:\WINDOWS\~DFD62B.tmp

2008-08-19 01:02 16,384 ----a-w C:\WINDOWS\~DFD647.tmp

2008-08-19 00:10 16,384 ----a-w C:\WINDOWS\~DFD54B.tmp

2008-08-18 12:11 16,384 ----a-w C:\WINDOWS\~DFDB72.tmp

2008-08-17 14:17 16,384 ----a-w C:\WINDOWS\~DFD63B.tmp

2008-08-16 11:24 16,384 ----a-w C:\WINDOWS\~DFD631.tmp

2008-08-15 14:48 16,384 ----a-w C:\WINDOWS\~DFD7B9.tmp

2008-08-15 07:46 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-08-14 14:09 16,384 ----a-w C:\WINDOWS\~DFD7F7.tmp

2008-08-13 15:09 16,384 ----a-w C:\WINDOWS\~DFD931.tmp

2008-08-12 15:31 --------- d-----w C:\Arquivos de programas\HP

2008-08-12 15:31 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-08-12 15:22 16,384 ----a-w C:\WINDOWS\~DFD7B6.tmp

2008-08-11 12:38 16,384 ----a-w C:\WINDOWS\~DFD7B8.tmp

2008-08-10 16:19 16,384 ----a-w C:\WINDOWS\~DFD7F4.tmp

2008-08-09 14:06 16,384 ----a-w C:\WINDOWS\~DFD7F5.tmp

2008-08-08 13:34 16,384 ----a-w C:\WINDOWS\~DFD7CB.tmp

2008-08-07 13:17 16,384 ----a-w C:\WINDOWS\~DFD7CE.tmp

2008-08-06 13:20 16,384 ----a-w C:\WINDOWS\~DFD7D4.tmp

2008-08-06 04:21 304,182 ----a-w C:\StiImg.dat

2008-08-05 13:03 16,384 ----a-w C:\WINDOWS\~DFD7A0.tmp

2008-08-04 13:20 16,384 ----a-w C:\WINDOWS\~DFD7BF.tmp

2008-08-03 15:10 16,384 ----a-w C:\WINDOWS\~DFD63C.tmp

2008-08-03 03:19 16,384 ----a-w C:\WINDOWS\~DFD7A3.tmp

2008-08-02 15:09 16,384 ----a-w C:\WINDOWS\~DFD7BD.tmp

2008-08-02 05:18 16,384 ----a-w C:\WINDOWS\~DFD792.tmp

2008-08-01 18:07 16,384 ----a-w C:\WINDOWS\~DFD7BC.tmp

2008-08-01 12:23 16,384 ----a-w C:\WINDOWS\~DFD4CE.tmp

2008-07-31 15:43 16,384 ----a-w C:\WINDOWS\~DFE6AD.tmp

2008-07-31 13:42 16,384 ----a-w C:\WINDOWS\~DFD7DC.tmp

2008-07-30 13:11 16,384 ----a-w C:\WINDOWS\~DFD71D.tmp

2008-07-29 13:36 16,384 ----a-w C:\WINDOWS\~DFD77F.tmp

2008-07-28 16:42 16,384 ----a-w C:\WINDOWS\~DFD785.tmp

2008-07-27 22:06 16,384 ----a-w C:\WINDOWS\~DFD7D7.tmp

2008-07-25 23:39 16,384 ----a-w C:\WINDOWS\~DFD783.tmp

2008-07-25 15:39 16,384 ----a-w C:\WINDOWS\~DFD59F.tmp

2008-07-24 16:02 16,384 ----a-w C:\WINDOWS\~DFDC6C.tmp

2008-07-24 15:15 16,384 ----a-w C:\WINDOWS\~DFD6CD.tmp

2008-07-24 13:37 16,384 ----a-w C:\WINDOWS\~DFD798.tmp

2008-07-23 11:49 16,384 ----a-w C:\WINDOWS\~DFD726.tmp

2008-07-22 17:52 23 ----a-w C:\Documents and Settings\bony\jagex_runescape_preferences.dat

2008-07-22 13:25 16,384 ----a-w C:\WINDOWS\~DFD5F5.tmp

2008-07-21 13:36 16,384 ----a-w C:\WINDOWS\~DFD7AB.tmp

2008-07-20 12:34 16,384 ----a-w C:\WINDOWS\~DFD717.tmp

2008-07-19 13:51 16,384 ----a-w C:\WINDOWS\~DFD750.tmp

2008-07-19 03:24 16,384 ----a-w C:\WINDOWS\~DFD71C.tmp

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 14:24 16,384 ----a-w C:\WINDOWS\~DFD5A7.tmp

2008-07-18 03:23 16,384 ----a-w C:\WINDOWS\~DFD744.tmp

2008-07-17 13:37 16,384 ----a-w C:\WINDOWS\~DFD786.tmp

2008-07-16 19:20 16,384 ----a-w C:\WINDOWS\~DFD752.tmp

2008-07-16 13:09 16,384 ----a-w C:\WINDOWS\~DFD5F3.tmp

2008-07-16 03:24 16,384 ----a-w C:\WINDOWS\~DFD5F1.tmp

2008-07-15 13:40 16,384 ----a-w C:\WINDOWS\~DFD712.tmp

2008-07-15 03:22 16,384 ----a-w C:\WINDOWS\~DFD728.tmp

2008-07-14 14:48 16,384 ----a-w C:\WINDOWS\~DFD76F.tmp

2008-07-13 14:26 16,384 ----a-w C:\WINDOWS\~DFD7C0.tmp

2008-07-12 12:44 16,384 ----a-w C:\WINDOWS\~DFD738.tmp

2008-07-12 01:10 16,384 ----a-w C:\WINDOWS\~DFD758.tmp

2008-07-11 14:16 16,384 ----a-w C:\WINDOWS\~DFD75A.tmp

2008-07-11 03:23 16,384 ----a-w C:\WINDOWS\~DFD71B.tmp

2008-07-10 13:05 16,384 ----a-w C:\WINDOWS\~DFD7AD.tmp

2008-07-10 03:22 16,384 ----a-w C:\WINDOWS\~DFD78E.tmp

2008-07-09 14:09 16,384 ----a-w C:\WINDOWS\~DFD71F.tmp

2008-07-09 04:07 5,632 --sha-w C:\Arquivos de programas\Thumbs.db

2008-07-09 03:21 16,384 ----a-w C:\WINDOWS\~DFD7F9.tmp

2008-07-08 15:37 16,384 ----a-w C:\WINDOWS\~DFD778.tmp

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll

2008-07-07 12:11 16,384 ----a-w C:\WINDOWS\~DFD764.tmp

2008-07-06 20:01 16,384 ----a-w C:\WINDOWS\~DFE452.tmp

2008-07-06 14:51 16,384 ----a-w C:\WINDOWS\~DFD5AF.tmp

2008-07-05 13:02 16,384 ----a-w C:\WINDOWS\~DFD5AC.tmp

2008-07-05 03:21 16,384 ----a-w C:\WINDOWS\~DFD56E.tmp

2008-07-04 14:08 16,384 ----a-w C:\WINDOWS\~DFD44B.tmp

2008-07-04 03:21 16,384 ----a-w C:\WINDOWS\~DFD21D.tmp

2008-07-03 13:04 16,384 ----a-w C:\WINDOWS\~DFD5C8.tmp

2008-07-03 03:59 16,384 ----a-w C:\WINDOWS\~DFD530.tmp

2008-07-03 03:43 16,384 ----a-w C:\WINDOWS\~DFD3CF.tmp

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"H/PC Connection Agent"="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-07-05 180269]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]

"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Reboot.exe [2004-10-01 334336]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-11 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2006-10-19 09:12 258048 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Reboot.exe]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Reboot.exe

backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bony^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

path=C:\Documents and Settings\bony\Menu Iniciar\Programas\Inicializar\MSN Pictures Displayer.lnk

backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Arquivos de programas\VIA\RAID\raid_t [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 06:25 6731312 C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-09-18 11:16 171464 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 19:54 3735552 C:\Arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2005-01-28 05:17 1381376 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 03:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-07-05 18:52 180269 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2005-11-15 16:31 33792 C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

-ra------ 2001-10-22 17:24 1216512 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

-ra------ 2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-03 01:42:27

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]

"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]

"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

.

Tempo para conclusão: 2008-10-03 1:46:14

ComboFix-quarantined-files.txt 2008-10-03 04:45:57

ComboFix2.txt 2008-10-02 03:56:55

Pre-Run: 13 pasta(s) 31.323.185.152 bytes disponíveis

Post-Run: 16 pasta(s) 31,365,296,128 bytes disponíveis

253 --- E O F --- 2008-09-11 05:32:51

HIJACKTHIS:

Logfile of HijackThis v1.99.1

Scan saved at 01:47:00, on 3/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\xBone\NOVAS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\AOL_security_toolbar.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

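The ComboFix registry export and the HijackThis O23 line above both show the WudfSvc service paths as raw hex(2) blobs, which is why HijackThis reports "(file missing)". As an added example, not part of this thread or of either tool, the following Python decodes those REG_EXPAND_SZ values and rewrites the O23 line so the real path is readable; the function names are mine and the sample lines are copied from the log above.

```python
import re
from typing import Optional, Tuple

# In a .reg export, hex(2) is a REG_EXPAND_SZ value: comma-separated bytes of a
# UTF-16LE string terminated by a NUL. HijackThis 1.99.1 printed the raw blob
# for WudfSvc instead of the expanded path, hence its "(file missing)" verdict.

# Two value lines from the ComboFix export above (copied from the log).
IMAGEPATH_LINE = '"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"'
SERVICEDLL_LINE = '"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"'
# The matching HijackThis O23 line (copied from the log).
O23_LINE = "O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)"

HEX2_RE = re.compile(r"hex\(2\):([0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*)")


def decode_hex2(byte_list: str) -> str:
    """Turn '25,00,53,00,...' into the UTF-16LE string it encodes, minus the NUL."""
    raw = bytes(int(b, 16) for b in byte_list.split(","))
    return raw.decode("utf-16-le").rstrip("\x00")


def decode_reg_line(line: str) -> Optional[Tuple[str, str]]:
    """Parse a '"Name"="hex(2):..."' export line into (name, decoded text)."""
    m = re.match(r'^"([^"]+)"="(hex\(2\):[0-9a-fA-F,]+)"$', line.strip())
    if not m:
        return None  # not a hex(2) value line (e.g. dword or plain string)
    blob = HEX2_RE.fullmatch(m.group(2))
    if not blob:
        return None
    return m.group(1), decode_hex2(blob.group(1))


def expand_o23_line(line: str) -> str:
    """Replace a raw hex(2) blob in a HijackThis O23 line with its decoded path."""
    return HEX2_RE.sub(lambda m: decode_hex2(m.group(1)), line)


def is_svchost_hosted(image_path: str) -> bool:
    """True when the service runs inside svchost.exe with a -k group, meaning the
    code actually loaded is the ServiceDll value, not the ImagePath binary."""
    return re.search(r"\\svchost\.exe\s+-k\s+\S+", image_path, re.IGNORECASE) is not None


if __name__ == "__main__":
    for line in (IMAGEPATH_LINE, SERVICEDLL_LINE):
        print(decode_reg_line(line))
    print(expand_o23_line(O23_LINE))
```

Decoded, the two values are the expected svchost host line and WUDFSvc.dll under System32, so the "(file missing)" flag here comes from the unexpanded blob, not from an absent file; ServiceDll is the value to check for an svchost-hosted service.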

Lusitano... man, it worked. I did the process above late last night and shut the PC down; this morning, when I turned it on again... boom... the damn virus isn't acting up anymore.

Man, I don't know how to thank you. Thank you very much, and whatever you need... I'm here!!!

"The trick is to ask someone who really knows the subject."

Thanks once again!!!!

Big hug!!


Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTMoveIt2 by OldTimer

  • Save it to your desktop.
  • Double-click OTMoveIt.exe
  • Click the button 8gehxg0.gif
  • OTMoveIt will now download a list; if your firewall or another protective program alerts you about this, allow the access.
  • You will be asked whether to start the cleanup process; click Yes
  • When it finishes, exit OTMoveIt
  • Now delete OTMoveIt.exe
  • Also delete the folder C:\_OTMoveIt

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the HijackThis backups folder (if it exists)
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being safe. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds over 4000 websites and domains to IE's restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help


Thank you very much once again, Lusitano. I'll follow all your tips above so that what happened to my PC doesn't happen again, but thanks to you I managed to solve it.

Big hug, my friend!!


If the topic author needs it, the topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
