claudiamodolo

Autorun.inf


My PC caught AUTORUN.INF. I searched the various solutions here, downloaded PenClean and Flash_Disinfector (which my antivirus detected as Trojan.bancos?), typed lines into CMD that I found on the internet and, even so, my memory card is still infected. My operating system is Windows Vista Ultimate and I use a Claro modem (which also has a USB connector). Could the modem be infected too?

I downloaded Avira and ran a scan. The antivirus detected the TR/Started.AEO trojan. When I try to rename the autorun file, the following message appears:

EXCEPTION PROCESSING MESSAGE
Erro de proteção contra gravação
0xc00000a2 Parameters 0x7642023C 0x7642023C 0x9ADE1C9C 0x7642023C

Thanks for any suggestion.

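As an added example that is not part of this thread and is not code from any of the tools it mentions (PenClean, Flash_Disinfector, HijackThis, RSIT, ComboFix), here is a Python triage script a helper could run against a card like the one described above. It parses an autorun.inf the way Windows AutoPlay reads it, lists every directive that would launch a program, and names the file attributes (read-only, hidden, system) that make such a file hard to rename or delete. The sample autorun.inf contents, the executable name inside it and the drive path used in the check are all constructed for this example.

```python
"""Triage helper for an autorun.inf found on a memory card or USB stick.

Added example for this thread; not code from the forum or from any tool
named in it. It reads the [autorun] section the way Windows AutoPlay does
and lists every directive that would launch a program, so a helper can see
what the file points at before deciding how to clean the card.
"""
import os
import stat
from dataclasses import dataclass

# [autorun] keys that cause a program to run (documented autorun.inf keys).
LAUNCH_KEYS = {"open", "shellexecute"}


@dataclass
class AutorunReport:
    launches: list  # "key -> target", in file order
    notes: list  # anything else worth telling the user


def parse_autorun(text: str) -> AutorunReport:
    """Parse autorun.inf text and list every directive that runs a program.

    Hand-rolled INI parsing on purpose: Windows matches section and key
    names case-insensitively, keys may contain backslashes
    (shell\\open\\command) and values are taken literally, none of which
    configparser's defaults get right.
    """
    report = AutorunReport(launches=[], notes=[])
    section = None
    seen_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # ';' is the INF comment character
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            seen_autorun = seen_autorun or section == "autorun"
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            # shell\<verb>\command runs when that verb is chosen from the
            # drive's context menu; "open" is also what double-click uses.
            report.launches.append(f"{key} -> {value}")
        elif key == "shell":
            report.notes.append(f"default verb changed to '{value}'")
        elif key == "label":
            report.notes.append(f"drive label set to '{value}'")
    if not seen_autorun:
        report.notes.append("no [autorun] section; Windows would ignore this file")
    return report


def describe_attributes(attrs: int) -> list:
    """Name the Windows file attributes that hide a file or block an
    in-place edit. Read-only is one cause of a write-protect error when
    renaming; the physical lock switch on an SD card is another."""
    names = []
    if attrs & stat.FILE_ATTRIBUTE_READONLY:
        names.append("read-only")
    if attrs & stat.FILE_ATTRIBUTE_HIDDEN:
        names.append("hidden")
    if attrs & stat.FILE_ATTRIBUTE_SYSTEM:
        names.append("system")
    return names


def inspect_drive(root: str) -> dict:
    """Look for autorun.inf on a mounted drive (e.g. 'E:\\\\' on Windows).

    The parse itself is platform-independent; only the attribute bits
    (st_file_attributes) exist on Windows, elsewhere they read as 0.
    """
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return {"present": False}
    if os.path.isdir(path):
        # An autorun.inf *folder* is how some cleaners immunize a drive:
        # Windows cannot then read a file of that name.
        return {"present": True, "is_directory": True}
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        report = parse_autorun(fh.read())
    return {
        "present": True,
        "is_directory": False,
        "attributes": describe_attributes(attrs),
        "launches": report.launches,
        "notes": report.notes,
    }


# Constructed sample for this example; the file from the thread was never posted.
SAMPLE_AUTORUN = """\
[AutoRun]
icon=%SystemRoot%\\system32\\shell32.dll,4
open=RECYCLER\\example_launcher.exe
shell\\open\\command=RECYCLER\\example_launcher.exe
shell\\explore\\command=RECYCLER\\example_launcher.exe
shell=open
"""

if __name__ == "__main__":
    rep = parse_autorun(SAMPLE_AUTORUN)
    for item in rep.launches:
        print("would run:", item)
    for note in rep.notes:
        print("note:", note)
```

Run it against a mounted card with inspect_drive('E:\\'); the parse works on any platform, the attribute bits only on Windows. An autorun.inf that is a folder rather than a file is reported separately, because that is how some cleaners immunize a drive, and finding one is not a sign of infection.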

Thank you, my dear. I'll download it right now.

Hugs, Cláudia

Here are the contents of the Notepad file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:33:31, on 23/10/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\Roberto\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8C163A-68F1-4080-913E-925BEE6C0F35}: NameServer = 200.169.117.22 200.169.119.22

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10247 bytes


Hello,

This log doesn't show any infections.

  • Download RSIT (random's system information tool by random/random) and save it to your desktop.
  • Double-click RSIT.exe to run the tool.
  • In the window that opens (disclaimer), click Continue.
  • When the tool finishes running, a Notepad document will open containing the scan result. Please paste the contents of that log (log.txt) in your next reply.
  • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

Thank you


Below are the data contained in the Notepad file.

I still haven't managed to remove Autorun.inf from the memory card. Whenever I try to access it to scan it, a message appears saying it is "Write-protected". What should I do?

Thank you

info.txt logfile of random's system information tool 1.04 2008-10-23 13:55:11

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe

Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -ILM10WHDza.inf

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_15091E40\HXFSETUP.EXE -U -ILM10Wz.inf

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

IRPF2008 - Declaração de Ajuste Anual-->C:\PROGRA~1\PROGRA~1\IRPF2008\UNWISE.EXE C:\PROGRA~1\PROGRA~1\IRPF2008\INSTALL.LOG

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Mega Codec Pack 3.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe

MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MV Defrag 1.7-->"C:\Program Files\Marcos Velasco Security\MV Defrag 1.7\unins000.exe"

MV RegClean 5.5-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.5\unins000.exe"

MV RegCompact 1.0-->"C:\Program Files\Marcos Velasco Security\MV RegCompact 1.0\unins000.exe"

Nero 8-->MsiExec.exe /X{919635D1-5C0D-4B64-B724-BDDB31D11046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}

Nokia PC Suite-->C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_por_br.exe

Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

Pacote de Driver do Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf

Pacote de Driver do Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf

Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Receitanet Java 2008.01-->C:\Program Files\Programas RFB\Receitanet Java\desinstalar\desinstalar.exe

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VIA Display Vista Driver 7.14.10.0059-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u -log UChromeP.uns

VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Vista x86 OneClick Activator-->MsiExec.exe /I{2876AEE2-A9C9-4585-A46A-44CF451C960E}

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"

Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{8842825B-C865-40D3-89FD-A48A942195B4}\setup.exe -runfromtemp -l0x0009 -removeonly

======Security center information======

AV: Panda Antivirus 2008

AS: Panda Antivirus 2008

AS: Spyware Doctor

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel

"PROCESSOR_REVISION"=0e0c

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Hello,

Read the instructions in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after carrying out the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
       • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
       • Click "OK" at the EULA.
       • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running; doing so may cause the computer to hang.
  8. A notice may appear saying the computer needs to be restarted.
     DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections and, if it is not used correctly, it could damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many of the Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used unsupervised. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it unsupervised.

Regards


Lusitano, good afternoon.

I don't have the Windows Vista installation CD to boot into the installation environment. Can I run ComboFix anyway? I remembered something else: my internet access is through a Claro modem, which also has a USB connector. Could Autorun.inf be installed there as well? Forgive me if I'm saying something silly... Regards and thank you


Done, buddy! Below is the CF log:

ComboFix 08-10-23.08 - Roberto 2008-10-24 14:44:36.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.301 [GMT -2:00]

Executando de: C:\Users\Roberto\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-24 to 2008-10-24 ))))))))))))))))))))))))))))

.

2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

2008-10-16 20:31 . 2008-10-23 20:23 <DIR> d-------- C:\Program Files\Unlocker

2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 17:20 --------- d---a-w C:\ProgramData\TEMP

2008-10-23 23:01 --------- d-----w C:\ProgramData\Google Updater

2008-10-23 22:12 --------- d-----w C:\Program Files\Java

2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

2008-10-23 14:57 --------- d-----w C:\Program Files\Spyware Doctor

2008-10-20 23:59 --------- d-----w C:\ProgramData\HP Product Assistant

2008-10-20 22:16 --------- d-----w C:\Program Files\HP

2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

2008-10-09 22:44 --------- d-----w C:\Program Files\Google

2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

2008-08-29 13:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w C:\Windows\System32\dnssd.dll

2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

\shell\Auto\command - F:\MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-24 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

- C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-24 15:20:09

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\System32\PAStiSvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\WerFault.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-24 15:27:49 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-24 17:27:33

Pré-execução: O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

Pós execução: 28,770,607,104 bytes disponíveis

255 --- E O F --- 2008-10-24 05:01:10

Thank you once again!!!!!!!!!!!!


Hello, connect your media, but do not run any file from them.

( 1 ) Very important note: Temporarily, and while these instructions are being carried out, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

( 2 ) Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Quote":

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.
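As an added example (my own code, not anything posted in this thread and not part of ComboFix), the script below reads the MountPoints2 part of a ComboFix log like the one above, flags the cached AutoRun verbs that match the pattern seen on every removable volume in it (an executable in the root of a non-system drive, or the RunDLL32/ShellExec_RunDLL indirection), and emits a `Registry::` block in the same form as the CFScript supplied in the reply above. The sample log fragment is constructed, the triage heuristics are my assumptions rather than ComboFix rules, and the all-zero GUID is a placeholder.

```python
"""Triage the MountPoints2 section of a ComboFix log and emit a CFScript.

Added example (not part of the forum thread or of ComboFix itself):
Explorer caches the autorun verbs of every volume it has seen under
HKCU\...\Explorer\MountPoints2; this script parses those cache entries
out of the log, flags the suspicious ones and prints the deletion
script in the Registry:: form the helper asked the user to save as
CFScript.txt.
"""
import re

# Constructed sample in the shape of the posted log (not the full log):
# one legacy "E" key, one volume with a RunDLL32 ShellExec_RunDLL verb,
# and one placeholder GUID whose command points into a subfolder.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

\shell\Auto\command - F:\MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]

\shell\AutoRun\command - E:\setup\vendor_installer.exe
"""

# A MountPoints2 key header as ComboFix prints it, and a verb line beneath it.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\]\s*$", re.I)
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+?)\s*$", re.I)

# Triage heuristics (assumptions, not ComboFix rules): an executable sitting
# in the root of a non-system drive, or the RunDLL32/ShellExec_RunDLL
# indirection, is the pattern the posted log shows on every removable volume.
ROOT_EXE_RE = re.compile(r"^[D-Z]:\\[^\\]+\.(exe|com|bat|cmd|scr|pif)$", re.I)
SHELLEXEC_RE = re.compile(
    r"rundll32(\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL", re.I)


def parse_mountpoints(log_text):
    """Map each MountPoints2 key to its list of (verb, command) pairs."""
    entries = {}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2)))
    return entries


def is_suspicious(command):
    """True when the cached autorun command matches a triage heuristic."""
    return bool(ROOT_EXE_RE.match(command) or SHELLEXEC_RE.search(command))


def flagged_keys(log_text):
    """Keys with at least one suspicious verb, in log order."""
    return [key for key, verbs in parse_mountpoints(log_text).items()
            if any(is_suspicious(cmd) for _, cmd in verbs)]


def build_cfscript(keys):
    """CFScript text: a Registry:: header and one [-KEY] deletion per key."""
    return "Registry::\n" + "".join(f"[-{key}]\n" for key in keys)


if __name__ == "__main__":
    for key, verbs in parse_mountpoints(SAMPLE_LOG).items():
        short = key.rsplit("\\", 1)[-1]   # volume id only, for readability
        for verb, cmd in verbs:
            mark = "SUSPICIOUS" if is_suspicious(cmd) else "review    "
            print(f"{mark} {short}  {verb}: {cmd}")
    print()
    print(build_cfscript(flagged_keys(SAMPLE_LOG)), end="")
```

The heuristics only decide what to show first; every entry still gets a human look, and a key that is not flagged is not necessarily clean. Deleting MountPoints2 keys removes only Explorer's cached autorun association, which is rebuilt the next time the volume is inserted, so the infected media itself still has to be cleaned.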


Lusitano:

This is the log generated after the last procedure.

Thank you

ComboFix 08-10-23.08 - Roberto 2008-10-24 14:44:36.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.301 [GMT -2:00]

Executando de: C:\Users\Roberto\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-24 to 2008-10-24 ))))))))))))))))))))))))))))

.

2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

2008-10-16 20:31 . 2008-10-23 20:23 <DIR> d-------- C:\Program Files\Unlocker

2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 17:20 --------- d---a-w C:\ProgramData\TEMP

2008-10-23 23:01 --------- d-----w C:\ProgramData\Google Updater

2008-10-23 22:12 --------- d-----w C:\Program Files\Java

2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

2008-10-23 14:57 --------- d-----w C:\Program Files\Spyware Doctor

2008-10-20 23:59 --------- d-----w C:\ProgramData\HP Product Assistant

2008-10-20 22:16 --------- d-----w C:\Program Files\HP

2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

2008-10-09 22:44 --------- d-----w C:\Program Files\Google

2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

2008-08-29 13:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w C:\Windows\System32\dnssd.dll

2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

\shell\Auto\command - F:\MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-24 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

- C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-24 15:20:09

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\System32\PAStiSvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\WerFault.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-24 15:27:49 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-24 17:27:33

Pré-execução: O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

Pós execução: 28,770,607,104 bytes disponíveis

255 --- E O F --- 2008-10-24 05:01:10


Now here is the HijackThis log.

Thanks again...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:49:35, on 24/10/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\Roberto\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 3251 bytes


Download OTMoveIt3 by OldTimer and save it to your desktop.

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text below inside the "Code" box and paste it into the area below pasteline.png:


:processes
explorer.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste the entire contents shown in results.png.

If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.


Lusitano, good morning!!! I'm giving you a lot of work, aren't I? Here is the OTMoveIt3 log:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\Users\Roberto\AppData\Local\Temp\~DF3321.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\hpqddsvc.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081024-153328-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081024-153332-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081024-212844-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081024-212846-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081025-203525-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\lpksetup-20081025-203527-0.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.

Windows Temp folder emptied.

FireFox cache emptied.

Opera cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_122535

THANK YOU SO MUCH!!!!!


Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:32:45, on 27/10/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\s3trayp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mobile Partner\Mobile Partner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Roberto\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9238 bytes


Hello, your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download". (it is on the right-hand side)
  • Select your Platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and tick the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close every program you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove every old version of Java.
  • Select any item whose name contains Java Runtime Environment (JRE or J2SE). It should have an icon like this javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until every old version of Java on your PC has been removed.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

Otherwise your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the otcleanitdesktopicon.png icon.
  • Click the "Cleanup" button 8gehxg0.gif
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep it clean and protected:

  • Delete the HijackThis backups folder (if it exists).
  • Use an alternative, more secure browser:
    firefox-spread-btn-1b.png or Opera_logo1.gif
  • Use a firewall. It is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds over 4000 websites and domains to IE's Restricted Sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help thumbsup.gif


The modem and the Memory Card still show the Autorun.Inf, which means I cannot access them. A message appears saying they are "write-protected". The Autorun only appears when I untick "Hide protected operating system files" in Folder Options / Show hidden files. A PowerPoint file appears on the Memory Card that I did not open because I was afraid to.

Thank you

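The file discussed in this thread is the plain-text autorun.inf that Windows reads from the root of removable media: its [autorun] section names a program to launch (open, shellexecute) or replaces the drive's context-menu commands (shell\<verb>\command). The following is an added Python example, not a tool from this thread or from any of the utilities it mentions, that parses such a file statically and reports what each entry would start, without running anything. Both sample files are constructed for the example; the paths in them (RECYCLER\S-1-5-21-0\example.exe, setup.exe) are placeholders, not files from the logs above.

```python
"""Static inspection of an autorun.inf file (added example, not from the thread).

Reads the INI-style text, lists every launch target the [autorun] section
declares and flags the patterns that USB worms of this era typically show.
Nothing referenced by the file is executed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Directory names commonly used to hide a payload on removable media.
HIDING_DIRS = ("recycler", "recycled", "system volume information")
# Anything outside printable ASCII / tab / CR / LF is treated as padding or obfuscation.
JUNK_RE = re.compile(r"[^\x09\x0a\x0d\x20-\x7e]")


@dataclass
class AutorunReport:
    launch_targets: List[Tuple[str, str]] = field(default_factory=list)  # (key, command)
    icon: Optional[str] = None
    default_verb: Optional[str] = None
    findings: List[str] = field(default_factory=list)  # plain-text observations


def parse_autorun(text: str) -> AutorunReport:
    """Parse leniently: keys are lower-cased and the first '=' splits key from value."""
    report = AutorunReport()
    if JUNK_RE.search(text):
        report.findings.append("non-printable bytes present (padding or obfuscation)")
    section = None
    autorun_sections = 0
    for raw in text.splitlines():
        line = JUNK_RE.sub("", raw).strip()
        if not line or line.startswith(";"):
            continue  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "autorun":
                autorun_sections += 1
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute"):
            report.launch_targets.append((key, value))
        elif key.startswith("shell\\") and key.endswith("\\command"):
            report.launch_targets.append((key, value))  # e.g. shell\open\command
        elif key == "shell":
            report.default_verb = value  # verb used on double-click
        elif key == "icon":
            report.icon = value
    if autorun_sections > 1:
        report.findings.append(f"{autorun_sections} [autorun] sections found")
    for key, cmd in report.launch_targets:
        if any(d in cmd.lower() for d in HIDING_DIRS):
            report.findings.append(f"{key} points into a hiding directory: {cmd}")
        if key == "shellexecute":
            report.findings.append(f"shellexecute opens '{cmd}' through the shell (any file type)")
    return report


# Constructed sample in the style of a USB worm's autorun.inf; not the file from the thread.
WORM_STYLE = """[autorun]
;constructed sample
open=RECYCLER\\S-1-5-21-0\\example.exe
shell\\open\\Command=RECYCLER\\S-1-5-21-0\\example.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-0\\example.exe
shell=open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed sample of an ordinary CD-ROM installer's autorun.inf.
INSTALLER_STYLE = """[autorun]
;constructed sample
open=setup.exe
icon=setup.exe,0
label=Product CD
"""

if __name__ == "__main__":
    for name, sample in (("worm-style", WORM_STYLE), ("installer-style", INSTALLER_STYLE)):
        rep = parse_autorun(sample)
        print(f"== {name} ==")
        for key, cmd in rep.launch_targets:
            print(f"  would launch via {key}: {cmd}")
        for finding in rep.findings:
            print(f"  finding: {finding}")
```

Run it against a copy of the file taken from the card rather than against the card itself; the script only reads text. The things to look at before deleting are launch targets that point into RECYCLER-style directories and, as the poster noticed, a file that carries the hidden and system attributes so that it only appears once "Hide protected operating system files" is unticked.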

Below is the log generated by ComboFix, but it does not access the modem or the Memory Card. The following message appears: Windows - Erro de proteção contra gravação

Exception Processing Message

0xc00000a2 Parameters 0x75FE023C

0x75FE023C 0x84DEE2C

0x75FE023C

ComboFix log

ComboFix 08-10-23.08 - Roberto 2008-10-29 20:36:38.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.297 [GMT -2:00]

Executando de: C:\Users\Roberto\Desktop\ComboFix.exe

.

Error: Cfiles.dat

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))

.

2008-10-29 17:19 . 2008-10-29 17:18 410,976 --a------ C:\Windows\System32\deploytk.dll

2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

2008-10-16 20:31 . 2008-10-27 20:01 <DIR> d-------- C:\Program Files\Unlocker

2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 19:27 --------- d-----w C:\Program Files\Spyware Doctor

2008-10-29 19:26 --------- d---a-w C:\ProgramData\TEMP

2008-10-29 15:37 --------- d-----w C:\ProgramData\Google Updater

2008-10-29 15:28 --------- d-----w C:\ProgramData\HP Product Assistant

2008-10-27 22:33 --------- d-----w C:\Program Files\Java

2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

2008-10-20 22:16 --------- d-----w C:\Program Files\HP

2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

2008-10-09 22:44 --------- d-----w C:\Program Files\Google

2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]

"S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

\shell\Auto\command - F:\MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-29 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

- C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 21:00:27

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\PAStiSvc.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-29 21:07:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-29 23:06:57

ComboFix2.txt 2008-10-29 20:00:16

ComboFix3.txt 2008-10-24 17:27:52

Pré-execução: 20.107.599.872 bytes disponíveis

Pós execução: 19,995,512,832 bytes disponíveis

196 --- E O F --- 2008-10-29 19:16:32

Thank you,


Hello

Run an online scan with the Eset Online Scanner

  • Note: Only compatible with Internet Explorer
  • Check the box "SIM, aceito as condições de uso"
  • Click the "Iniciar" button
  • Check the box "YES, I accept the Terms of Use".
  • Click the Start button.
  • When prompted, accept the license and install the ActiveX control.
  • Make sure the "Remove found threats" option is not checked and the "Scan unwanted applications" option is checked.
  • In your next reply, generate and paste a new HijackThis log and the scan result (C:\Program Files\EsetOnlineScanner\log.txt)


I tried several times to run the scan with the Free Eset Online Virus Scan. Even running it as Administrator, the following error message appears: Error: Cannote initialize Online Scanner. Administrator rights require.

Thank you,
