claudiamodolo

Autorun.inf


My PC caught AUTORUN.INF. I searched the various solutions here, downloaded Penclean and Flash.Desinfector (which my antivirus detected as Trojan.bancos?), typed lines into CMD that I found on the internet and, even so, my Memory Card is still infected. My operating system is Windows Vista Ultimate and I use a Claro modem (which also has a USB port). Could the modem be infected too??

I downloaded AVIRA and ran a scan. The antivirus detected the TR/Started.AEO trojan. When I try to rename the autorun, the following message appears: EXCEPTION PROCESSING MESSAGE

Erro de proteção contra gravação

0xc00000a2 Parameters

0x7642023C

0x7642023C

0x9ADE1C9C

0x7642023C

I'd appreciate any suggestions.

Edited by claudiamodolo (new information)

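Added example, not code from the thread or from any of the tools it names (Penclean, Flash_Disinfector, Avira): a Python script that reads an autorun.inf of the kind described in the post above and reports which directives would launch code when the card is opened, and a helper that looks at the autorun.inf on a drive to distinguish a worm's file from the empty folder a vaccination tool leaves behind. The two sample files, the RECYCLER path and `loader.exe` in them, and the names `AutorunReport`, `inspect_media` and `demo` are this example's own constructions.

```python
"""Triage of an autorun.inf taken from removable media.

Added example, not code from the thread or from the tools it names. The
[autorun] section of the file tells Windows what to launch (open,
shellexecute, shell\<verb>\command), which icon and label to show and what
text to put in the AutoPlay dialog (action). Both samples are constructed.
"""
import os
import re
import stat
import tempfile
from dataclasses import dataclass, field

EXEC_KEYS = {"open", "shellexecute"}                     # launch when the drive opens / AutoRun fires
EXEC_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")    # shell\open\command, shell\explore\command, ...
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse",
            ".wsf", ".wsh", ".scr", ".pif", ".lnk")       # types Windows runs directly

@dataclass
class AutorunReport:
    directives: dict = field(default_factory=dict)   # lower-cased key -> value, [autorun] only
    junk_lines: int = 0                              # neither key=value, section nor comment
    launches: list = field(default_factory=list)     # (key, target) for each directive that runs code
    notes: list = field(default_factory=list)

def parse_autorun(text: str) -> AutorunReport:
    """INI-style parse that tolerates the NUL bytes and garbage lines worms pad
    the file with. The first occurrence of a key is kept."""
    rep, section = AutorunReport(), None
    for raw in text.splitlines():
        line = raw.replace("\x00", "").strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            rep.junk_lines += 1
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if section == "autorun" and key and key not in rep.directives:
            rep.directives[key] = value
    return rep

def assess(rep: AutorunReport) -> AutorunReport:
    """Record which directives would launch code and which cosmetics make the
    drive look like an ordinary folder."""
    for key, value in rep.directives.items():
        if key in EXEC_KEYS or EXEC_VERB_RE.match(key):
            target = value.split()[0].lower() if value else ""
            if target and (key == "shellexecute" or target.endswith(EXEC_EXT)):
                rep.launches.append((key, target))
    if rep.launches and "action" in rep.directives:
        rep.notes.append(f"AutoPlay dialog text for the launch: '{rep.directives['action']}'")
    if rep.launches and "shell32.dll" in rep.directives.get("icon", "").lower():
        rep.notes.append("icon taken from shell32.dll so the drive looks like a plain folder")
    if rep.junk_lines:
        rep.notes.append(f"{rep.junk_lines} junk line(s) between directives")
    return rep

def verdict(text: str) -> str:
    return "suspicious" if assess(parse_autorun(text)).launches else "benign"

def inspect_media(root: str) -> dict:
    """Look at <root>/autorun.inf: missing, a file (then parsed), or a folder
    (what vaccination tools leave so the worm cannot write its own file).
    Hidden/system bits exist only on Windows; read-only is checked everywhere."""
    path = os.path.join(root, "autorun.inf")
    info = {"exists": os.path.lexists(path), "is_dir": False, "readonly": False,
            "hidden": False, "system": False, "verdict": None}
    if not info["exists"]:
        return info
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)           # Windows only
    info["is_dir"] = stat.S_ISDIR(st.st_mode)
    info["readonly"] = not os.access(path, os.W_OK) or bool(attrs & getattr(stat, "FILE_ATTRIBUTE_READONLY", 0))
    info["hidden"] = bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))
    info["system"] = bool(attrs & getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0))
    if not info["is_dir"]:
        with open(path, "rb") as fh:
            info["verdict"] = verdict(fh.read().decode("latin-1"))
    return info

# Constructed sample in the style of a worm: three launch directives aimed at a
# hidden executable, cosmetics so the drive looks like a folder, and a junk line.
INFECTED_INF = "\r\n".join([
    "[autorun]",
    "\x00\x00\x01\x02padding the worm inserts",
    "open=RECYCLER\\S-1-5-21-XXXX\\loader.exe",
    "shell\\open\\Command=RECYCLER\\S-1-5-21-XXXX\\loader.exe",
    "shell\\explore\\command=RECYCLER\\S-1-5-21-XXXX\\loader.exe",
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4",
    "action=Open folder to view files",
    "label=Memory Card",
])
BENIGN_INF = "[autorun]\r\nicon=card.ico\r\nlabel=Photos\r\n"   # constructed: cosmetics only

def demo(contents: bytes = None) -> dict:
    """Inspect a temporary 'card': with contents, autorun.inf is written as a
    file; with None it is created as an empty vaccination folder."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "autorun.inf")
        if contents is None:
            os.mkdir(path)
        else:
            with open(path, "wb") as fh:
                fh.write(contents)
        return inspect_media(root)
```

On the card from the post the call would be `inspect_media("E:\\")` with the card's drive letter: a `verdict` of `suspicious` together with `hidden`/`system` set is the pattern the analyst expects from a worm, whereas `is_dir` being true means a vaccination tool has already replaced the file with a folder, which explains a "cannot rename" result without being an infection.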
  • Topic author
  • Thank you, my dear. I'll download it right now.

    Regards, Cláudia

    Here is the contents of the Notepad file:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:33:31, on 23/10/2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16757)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\SYSTEM32\taskeng.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Windows\System32\s3trayp.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    c:\program files\common files\installshield\updateservice\isuspm.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Internet Explorer\IEUser.exe

    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

    C:\Users\Roberto\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

    O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O13 - Gopher Prefix:

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8C163A-68F1-4080-913E-925BEE6C0F35}: NameServer = 200.169.117.22 200.169.119.22

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 10247 bytes

    Edited by icefly (flood)


    Hello,

    This log shows no infections.

    • Download RSIT - random's system information tool by random/random and save it to your desktop.
    • Double-click RSIT.exe to run the tool.
    • In the window that opens (disclaimer), click Continue.
    • When the tool finishes running, a Notepad document containing the scan result will open. Please paste the contents of that log (log.txt) in your next reply.
    • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

    Thanks

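Added example (this Python is not the thread's, HijackThis's or the analyst's code): a parser for the HijackThis log format posted above that turns the R0/O2/O4/O10/O17/O20 lines into records and applies the checks an analyst makes by eye before giving a verdict such as "this log shows no infections". The sample log takes its lines from the posted log and adds one constructed O4 entry (marked in the code) so the high-severity rule has something to catch; the severity labels, the `Entry` class and the rule names are this example's own.

```python
"""Structured triage of a HijackThis log.

Added example; not code from the thread or from HijackThis. HijackThis prints
one finding per line: a section code (R0/R1 = IE start/search pages, O2 = BHOs,
O3 = toolbars, O4 = autostart entries, O10 = Winsock LSPs, O17 = DNS servers,
O20 = AppInit_DLLs, O23 = services) followed by ' - ' and the detail. The
rules below encode the checks an analyst applies when reading such a log.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# O4 - HKLM\..\Run: [Name] command   (also HKCU and HKUS\<sid>)
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Locations an ordinary user can write to; autostarts there deserve a look.
USER_WRITABLE = re.compile(r"\\(temp|appdata|recycler|programdata)\\", re.I)
# Commands that begin with a drive letter, an environment variable or a UNC path.
HAS_PATH = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)')

@dataclass
class Entry:
    code: str
    detail: str

def parse_hjt(text: str) -> list:
    """Return the finding lines as Entry objects, ignoring the header,
    the 'Running processes' block and the trailer."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("detail")))
    return entries

def triage(entries: list) -> list:
    """Return (code, level, message) flags; level is high/medium/low/info."""
    flags, seen_lsp = [], set()
    for e in entries:
        d = e.detail
        if e.code in ("O2", "O3", "O9") and d.endswith("(no file)"):
            flags.append((e.code, "low", f"orphaned entry, file missing: {d}"))
        elif e.code == "O4":
            m = O4_RE.match(d)
            if m:
                name, cmd = m.group("name"), m.group("cmd")
            else:  # 'Global Startup: foo.lnk = C:\path\foo.exe'
                name, _, cmd = d.partition(" = ")
            if USER_WRITABLE.search(cmd):
                flags.append((e.code, "high", f"[{name}] autostarts from a user-writable path: {cmd}"))
            elif not HAS_PATH.match(cmd):
                flags.append((e.code, "medium", f"[{name}] is a bare filename resolved via PATH: {cmd}"))
        elif e.code == "O10":
            dll = d.rsplit(": ", 1)[-1].lower()
            if dll not in seen_lsp:   # the posted log lists the same LSP file nine times
                seen_lsp.add(dll)
                flags.append((e.code, "medium", f"Winsock LSP not on HijackThis' known list: {dll}"))
        elif e.code == "O17" and "NameServer = " in d:
            servers = d.split("NameServer = ", 1)[1].split()
            flags.append((e.code, "info", f"DNS servers to confirm with the ISP: {', '.join(servers)}"))
        elif e.code == "O20" and d.startswith("AppInit_DLLs:"):
            flags.append((e.code, "medium", f"DLL loaded into every process via AppInit_DLLs: {d.split(': ', 1)[1]}"))
    return flags

def summarize(flags: list) -> dict:
    """Count flags per level, e.g. {'high': 1, 'medium': 3, ...}."""
    counts = {}
    for _, level, _ in flags:
        counts[level] = counts.get(level, 0) + 1
    return counts

# Lines from the log posted in the thread, plus one constructed O4 entry (marked).
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"Running processes:",
    r"C:\Windows\Explorer.EXE",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe",
    r"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe",
    r"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8C163A-68F1-4080-913E-925BEE6C0F35}: NameServer = 200.169.117.22 200.169.119.22",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL",
    # constructed line: an autostart dropped in the user's Temp folder
    r"O4 - HKCU\..\Run: [updater] C:\Users\Roberto\AppData\Local\Temp\updater.exe",
])
```

Run over the posted log itself the rules produce only the orphaned O2 entry, the bare `S3trayp.exe`, the one LSP file, the two DNS servers and the Google AppInit DLL, each of which an analyst then checks against a known-good list; nothing lands in the high band, which is the machine-readable form of the verdict given above.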
  • Topic author
  • Below are the data contained in the Notepad file.

    I still haven't managed to remove Autorun.Inf from the Memory Card. Whenever I try to access it to scan it, a message appears saying it is "Write-protected". What do I do?

    Thank you

    info.txt logfile of random's system information tool 1.04 2008-10-23 13:55:11

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL

    -->C:\Windows\UNNeroVision.exe /UNINSTALL

    -->C:\Windows\UNRecode.exe /UNINSTALL

    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

    Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe

    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}

    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

    Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

    Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}

    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

    ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE

    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -ILM10WHDza.inf

    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_15091E40\HXFSETUP.EXE -U -ILM10Wz.inf

    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

    HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

    HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat

    HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

    HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

    HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

    HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

    HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

    HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

    HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

    IRPF2008 - Declaração de Ajuste Anual-->C:\PROGRA~1\PROGRA~1\IRPF2008\UNWISE.EXE C:\PROGRA~1\PROGRA~1\IRPF2008\INSTALL.LOG

    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

    Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

    Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

    K-Lite Mega Codec Pack 3.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

    Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

    Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe

    MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

    MV Defrag 1.7-->"C:\Program Files\Marcos Velasco Security\MV Defrag 1.7\unins000.exe"

    MV RegClean 5.5-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.5\unins000.exe"

    MV RegCompact 1.0-->"C:\Program Files\Marcos Velasco Security\MV RegCompact 1.0\unins000.exe"

    Nero 8-->MsiExec.exe /X{919635D1-5C0D-4B64-B724-BDDB31D11046}

    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

    Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}

    Nokia PC Suite-->C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_por_br.exe

    Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}

    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

    Pacote de Driver do Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf

    Pacote de Driver do Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf

    Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    Receitanet Java 2008.01-->C:\Program Files\Programas RFB\Receitanet Java\desinstalar\desinstalar.exe

    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

    Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG

    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

    Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}

    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

    VIA Display Vista Driver 7.14.10.0059-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u -log UChromeP.uns

    VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

    Vista x86 OneClick Activator-->MsiExec.exe /I{2876AEE2-A9C9-4585-A46A-44CF451C960E}

    Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

    Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"

    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

    Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{8842825B-C865-40D3-89FD-A48A942195B4}\setup.exe -runfromtemp -l0x0009 -removeonly

    ======Security center information======

    AV: Panda Antivirus 2008

    AS: Panda Antivirus 2008

    AS: Spyware Doctor

    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "Path"=C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    "PROCESSOR_ARCHITECTURE"=x86

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "USERNAME"=SYSTEM

    "windir"=%SystemRoot%

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel

    "PROCESSOR_REVISION"=0e0c

    "NUMBER_OF_PROCESSORS"=2

    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------


    Hello,

    Read the instructions in this link:

    In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

    3. Double-click the desktopicon.png icon on the desktop.

    4. Read and accept the terms by typing 1 and Enter.

    5. Computers running Windows XP must install the Recovery Console:

    • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" at the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.

    7. Warning: do not use the mouse or keyboard while the tool is running; doing so can cause the computer to freeze.

    8. A notice may appear saying the computer needs to restart.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

    9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle such situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are various general-purpose anti-malware tools whose authors, when writing them, were thinking of end users and of use without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

    Regards

  • Topic author
  • Lusitano, good afternoon.

    I don't have the Windows Vista installation CD to boot into the Installation Environment. Can I run ComboFix anyway? I remembered something else: my internet access is through a Claro modem, which also has a USB port. Could Autorun.Inf be installed there too? Forgive me if I'm talking nonsense... Regards and thank you


    Since you have Vista, just temporarily disable your antivirus and run ComboFix.

  • Topic author
  • Done, my friend! Here is the CF log:

    ComboFix 08-10-23.08 - Roberto 2008-10-24 14:44:36.1 - NTFSx86

    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.301 [GMT -2:00]

    Executando de: C:\Users\Roberto\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    Error: Cfiles.dat

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_GbpSv

    (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-24 to 2008-10-24 ))))))))))))))))))))))))))))

    .

    2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

    2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

    2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

    2008-10-16 20:31 . 2008-10-23 20:23 <DIR> d-------- C:\Program Files\Unlocker

    2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

    2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

    2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

    2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

    2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

    2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

    2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

    2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

    2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-10-24 17:20 --------- d---a-w C:\ProgramData\TEMP

    2008-10-23 23:01 --------- d-----w C:\ProgramData\Google Updater

    2008-10-23 22:12 --------- d-----w C:\Program Files\Java

    2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

    2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

    2008-10-23 14:57 --------- d-----w C:\Program Files\Spyware Doctor

    2008-10-20 23:59 --------- d-----w C:\ProgramData\HP Product Assistant

    2008-10-20 22:16 --------- d-----w C:\Program Files\HP

    2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

    2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

    2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

    2008-10-09 22:44 --------- d-----w C:\Program Files\Google

    2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

    2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

    2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll

    2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll

    2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

    2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

    2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

    2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

    2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

    2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

    2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

    2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

    2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

    2008-08-29 13:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe

    2008-08-29 12:53 61,440 ----a-w C:\Windows\System32\dnssd.dll

    2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

    2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

    2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll

    2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

    2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

    2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

    2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    "S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "LogonHoursAction"= 2 (0x2)

    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

    "{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

    R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

    S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

    \shell\Auto\command - F:\MicrosoftPowerPoint.exe

    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2008-10-24 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

    - C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

    .

    .

    ------- Scan Suplementar -------

    .

    FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-10-24 15:20:09

    Windows 6.0.6000 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    PROCESSOS: C:\Windows\Explorer.exe

    -> C:\Program Files\Unlocker\UnlockerHook.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    C:\Windows\System32\audiodg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Windows\System32\PAStiSvc.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\System32\drivers\XAudio.exe

    C:\Windows\System32\conime.exe

    C:\Windows\System32\WerFault.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Apoint2K\ApntEx.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Windows\servicing\TrustedInstaller.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2008-10-24 15:27:49 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2008-10-24 17:27:33

    Pré-execução: O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

    Pós execução: 28,770,607,104 bytes disponíveis

    255 --- E O F --- 2008-10-24 05:01:10

    Thanks once again!!!


    Hello, connect your media, but do not run any file from them.

    ( 1 ) Very important note: Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

    ( 2 ) Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
    • Also post a new HijackThis log in your reply.

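    As an added illustration (not part of the thread above and not ComboFix's own code), the script below automates what the analyst did by hand: it parses the mountpoints2 section of a ComboFix log, flags keys whose shell AutoRun handler points at an executable on a drive other than the system drive, and renders the matching CFScript "Registry::" block with one "[-KEY]" deletion line per flagged key. The sample excerpt is constructed from entries in the log above plus one invented, clean key (all-zero GUID, no command) to show what is left alone; the "non-system drive" rule is a heuristic of this example, not ComboFix's logic, and the system drive letter is an assumption passed as a parameter.

```python
"""Flag mountpoints2 AutoRun handlers in a ComboFix log and emit the CFScript
'Registry::' block that removes them (added example, not the forum's own tool)."""
import re
from typing import Dict, List

# Constructed excerpt in the layout of the ComboFix "mountpoints2" section.
# The first three keys reproduce entries from the log posted above; the fourth
# is an invented clean key with no shell command, to show what is NOT flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]

\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

\shell\Auto\command - F:\MicrosoftPowerPoint.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]

.
"""

# A mountpoints2 key header, e.g. [HKEY_CURRENT_USER\...\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
# A shell verb line as ComboFix prints it: \shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^\\shell\\[^\\]+\\command\s+-\s+(.+)$", re.IGNORECASE)
# Any "X:\" drive-rooted path inside a command line
DRIVE_PATH_RE = re.compile(r"\b([A-Za-z]):\\")


def parse_mountpoints(log_text: str) -> Dict[str, List[str]]:
    """Map each mountpoints2 key in the log (in order) to the shell commands under it."""
    entries: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        if line.startswith("["):  # a different registry section begins: stop collecting
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append(cmd.group(1))
    return entries


def is_suspicious(command: str, system_drive: str = "C") -> bool:
    """Heuristic (this example's, not ComboFix's): an AutoRun handler that launches
    anything from a drive other than the system drive, including indirectly via
    RunDLL32/ShellExec_RunDLL, is the removable-media pattern seen in the log."""
    drives = {m.group(1).upper() for m in DRIVE_PATH_RE.finditer(command)}
    return any(d != system_drive.upper() for d in drives)


def flag_autorun_keys(entries: Dict[str, List[str]], system_drive: str = "C") -> List[str]:
    """Return the keys (log order) that carry at least one suspicious handler."""
    return [key for key, cmds in entries.items()
            if any(is_suspicious(c, system_drive) for c in cmds)]


def build_cfscript(keys: List[str]) -> str:
    """Render the CFScript block; a leading '-' inside the brackets deletes the key."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for key, cmds in found.items():
        print(("FLAG " if flag_autorun_keys({key: cmds}) else "ok   ") + key)
        for c in cmds:
            print("       " + c)
    print()
    print(build_cfscript(flag_autorun_keys(found)), end="")
```

    Run stand-alone, the script prints each key with a FLAG/ok verdict and then the ready-to-save CFScript text; the all-zero GUID key stays unflagged because it has no command line, which is also why ComboFix would not normally print it. Review the flagged list before saving it as CFScript.txt, since the heuristic only looks at drive letters.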
  • Topic author
  • Lusitano:

    This is the log generated after the last procedure.

    Thanks

    ComboFix 08-10-23.08 - Roberto 2008-10-24 14:44:36.1 - NTFSx86

    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.301 [GMT -2:00]

    Executando de: C:\Users\Roberto\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    Error: Cfiles.dat

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_GbpSv

    (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-24 to 2008-10-24 ))))))))))))))))))))))))))))

    .

    2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

    2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

    2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

    2008-10-16 20:31 . 2008-10-23 20:23 <DIR> d-------- C:\Program Files\Unlocker

    2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

    2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

    2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

    2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

    2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

    2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

    2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

    2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

    2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-10-24 17:20 --------- d---a-w C:\ProgramData\TEMP

    2008-10-23 23:01 --------- d-----w C:\ProgramData\Google Updater

    2008-10-23 22:12 --------- d-----w C:\Program Files\Java

    2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

    2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

    2008-10-23 14:57 --------- d-----w C:\Program Files\Spyware Doctor

    2008-10-20 23:59 --------- d-----w C:\ProgramData\HP Product Assistant

    2008-10-20 22:16 --------- d-----w C:\Program Files\HP

    2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

    2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

    2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

    2008-10-09 22:44 --------- d-----w C:\Program Files\Google

    2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

    2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

    2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll

    2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll

    2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

    2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

    2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

    2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

    2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

    2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

    2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

    2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

    2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

    2008-08-29 13:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe

    2008-08-29 12:53 61,440 ----a-w C:\Windows\System32\dnssd.dll

    2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

    2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

    2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll

    2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

    2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

    2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

    2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    "S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "LogonHoursAction"= 2 (0x2)

    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

    "{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

    R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

    S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

    \shell\Auto\command - F:\MicrosoftPowerPoint.exe

    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    .

Contents of the 'Scheduled Tasks' folder

    2008-10-24 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

    - C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

    .

    .

------- Supplementary Scan -------

    .

    FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-10-24 15:20:09

    Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

    **************************************************************************

    .

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESSES: C:\Windows\Explorer.exe

    -> C:\Program Files\Unlocker\UnlockerHook.dll

    .

------------------------ Other Running Processes ------------------------

    .

    C:\Windows\System32\audiodg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Windows\System32\PAStiSvc.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\System32\drivers\XAudio.exe

    C:\Windows\System32\conime.exe

    C:\Windows\System32\WerFault.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Apoint2K\ApntEx.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Windows\servicing\TrustedInstaller.exe

    .

    **************************************************************************

    .

Completion time: 2008-10-24 15:27:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-24 17:27:33

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.

Post-Run: 28,770,607,104 bytes free

    255 --- E O F --- 2008-10-24 05:01:10

Topic author:

Now here is the HijackThis log.

Thanks again...

Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:49:35, on 24/10/2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16757)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Windows\System32\s3trayp.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\Explorer.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

    C:\Users\Roberto\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 3251 bytes


Download OTMoveIt3 by OldTimer and save it to your desktop.

Double-click the OTMoveIt3 icon on your desktop.

Copy the text below (inside the "Code" box) and paste it into the area beneath the paste line:


    :processes
    explorer.exe
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}]
    :commands
    [EmptyTemp]
    [Reboot]

Now click the MoveIt! button.

If you are prompted to restart the computer, do so.

In your next reply, copy and paste the entire contents of the Results box.

If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open, type *.log in the "File name" box and press Enter; browse to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.

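The OTMoveIt3 script above was assembled by hand from the MountPoints2 block of the ComboFix log: every key whose \shell\AutoRun\command (or \shell\Auto\command) points at an executable on a removable drive was listed for deletion. The following script is an added example, not part of the thread and not OldTimer's tool: it parses that block, flags the entries whose command launches a program straight off the root of a non-C: drive (including the RunDLL32 Shell32.DLL,ShellExec_RunDLL wrapper seen on the F: entry) and prints the corresponding OTMoveIt3 ':reg' block. The sample log is constructed here, modelled on the entries in the log above, with one made-up key ({11111111-...}, pointing at a program under C:\Program Files) added so the filter has something to leave alone; the "executable at the root of a D:-Z: drive" heuristic is an assumption of this example, not something ComboFix or OTMoveIt3 does. One caveat a practitioner should keep in mind: MountPoints2 is Explorer's per-user cache of autorun data for volumes it has seen, so deleting the keys clears the cached commands but does not clean the USB stick or card that carried AutoRun.exe; plug it in again with AutoRun enabled and the keys come back.

```python
"""Triage helper for the MountPoints2 block of a ComboFix log (added example).

Each '[HKEY_CURRENT_USER\\...\\mountpoints2\\<id>]' header is followed by one or
more '\\shell\\<verb>\\command - <cmd>' lines.  The script pairs them, flags the
ones that launch a program from the root of a removable drive (the classic
autorun-worm persistence) and emits the OTMoveIt3 ':reg' block that removes
those keys.
"""
from __future__ import annotations

import re
from typing import NamedTuple

# Constructed sample, modelled on the ComboFix output format in the thread.
# The last key ({11111111-...}) is made up to show a benign entry being kept.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
\shell\Auto\command - F:\MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\shell\Open\command - C:\Program Files\Vendor\Launcher.exe
"""

# '[HKEY_CURRENT_USER\...\mountpoints2\<drive letter or volume GUID>]'
HEADER_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\[^\]]+)\]$", re.I)
# '\shell\<verb>\command - <command line>'
COMMAND_RE = re.compile(r"^\\shell\\([^\\]+)\\command\s*-\s*(.+)$", re.I)
# Heuristic (this example's assumption): an executable sitting at the root of a
# D:-Z: drive, anywhere in the command line, so the RunDLL32/ShellExec_RunDLL
# wrapper is caught as well.  C: is deliberately excluded.
REMOVABLE_EXE_RE = re.compile(r"(?<![\w\\])[D-Z]:\\[^\\\s]+\.(exe|com|bat|cmd|scr|pif)\b", re.I)


class Finding(NamedTuple):
    key: str          # full registry key path from the header line
    verb: str         # shell verb (AutoRun, Auto, Open, ...)
    command: str      # command line stored under \shell\<verb>\command
    suspicious: bool  # True when the command launches a program off a removable drive


def parse_mountpoints(log_text: str) -> list[Finding]:
    """Pair every \\shell\\<verb>\\command line with the key header above it."""
    findings: list[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = COMMAND_RE.match(line)
        if m and current_key:
            verb, command = m.group(1), m.group(2).strip()
            findings.append(Finding(current_key, verb, command,
                                    bool(REMOVABLE_EXE_RE.search(command))))
    return findings


def otmoveit_reg_block(findings: list[Finding]) -> str:
    """Build the ':reg' section: one '[-<key>]' line per flagged key, deduplicated."""
    keys: list[str] = []
    for f in findings:
        if f.suspicious and f.key not in keys:
            keys.append(f.key)
    return "\n".join([":reg"] + [f"[-{k}]" for k in keys])


if __name__ == "__main__":
    results = parse_mountpoints(SAMPLE_LOG)
    for f in results:
        print(("SUSPICIOUS " if f.suspicious else "benign     ") + f.verb.ljust(8) + f.command)
    print()
    print(otmoveit_reg_block(results))
```

Run against a real ComboFix log, feed it the text between the first `mountpoints2` header and the next section separator; anything it flags still deserves a look at the command line itself before the key goes into an OTMoveIt3 script, since the heuristic only looks at where the executable lives.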
Topic author:

Lusitano, good morning!!! I'm giving you a lot of work, aren't I? Here is the OTMoveIt3 log:

    ========== PROCESSES ==========

    Process explorer.exe killed successfully.

    ========== REGISTRY ==========

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf56f5-57fb-11dd-b2e0-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edf5708-57fb-11dd-b2e0-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2343b13a-0d57-11dd-9aaf-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e377-cabb-11dc-bde6-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e3e397-cabb-11dc-bde6-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d1-cff6-11dc-af84-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a9886d8-cff6-11dc-af84-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b74c0f2-0d68-11dd-bb87-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4889de78-0d4a-11dd-95de-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74a7b2bf-cce2-11dc-8e48-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759df293-d439-11dc-8e60-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d025542-5982-11dd-8eda-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e83d-cd06-11dc-a6af-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a174e868-cd06-11dc-a6af-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22fcada-3662-11dd-b417-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587db5-80c8-11dd-8c1e-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab587dcd-80c8-11dd-8c1e-00140b37355d}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4102729-ce62-11dc-9d21-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c7abb1-ce66-11dc-bec9-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49eaf6c-0d6c-11dd-87af-806e6f6e6963}\\ deleted successfully.

    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9129c1a-fb3f-11dc-8a18-806e6f6e6963}\\ deleted successfully.

    ========== COMMANDS ==========

    File delete failed. C:\Users\Roberto\AppData\Local\Temp\~DF3321.tmp scheduled to be deleted on reboot.

    User's Temp folder emptied.

    User's Temporary Internet Files folder emptied.

    User's Internet Explorer cache folder emptied.

    Local Service Temp folder emptied.

    Local Service Temporary Internet Files folder emptied.

    File delete failed. C:\Windows\temp\hpqddsvc.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081024-153328-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081024-153332-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081024-212844-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081024-212846-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081025-203525-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\lpksetup-20081025-203527-0.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.

    File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.

    Windows Temp folder emptied.

    FireFox cache emptied.

    Opera cache emptied.

    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_122535

THANK YOU SO MUCH!!!!!


Hello,

Please generate and paste a new HijackThis log and let us know how the computer is doing now.

Topic author:

Below is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:32:45, on 27/10/2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16757)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Apoint2K\Apoint.exe

    C:\Windows\System32\s3trayp.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Program Files\Apoint2K\Apntex.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Mobile Partner\Mobile Partner.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Windows\system32\wuauclt.exe

    C:\Users\Roberto\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

    O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

    O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O13 - Gopher Prefix:

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --

    End of file - 9238 bytes


    Hello, your Java is out of date.

    Old, outdated versions are more vulnerable to malware.

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
    • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
    • Click "Download" (it is on the right-hand side).
    • Select your platform: "Windows".
    • Select your language: "Portuguese".
    • Read the license agreement and check the box "Accept License Agreement".
    • Click "Continue".
    • Click the Windows Offline Installation download link and save the file to your desktop.
    • Close all programs you are using, especially your browser (IE, Firefox, etc.).
    • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
    • Select any item whose name contains Java Runtime Environment (JRE or J2SE). It should have a Java icon.
    • Click Remove or Change/Remove.
    • Repeat as many times as necessary until every old version of Java on your PC has been removed.
    • Restart your computer after removing the old versions of Java.
    • Now double-click jre-6u10-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

    Otherwise your log is clean.

    • Click Start, then Run
    • Now type Combofix /u and click OK.

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click its icon.
    • Click the "Cleanup" button.
    • Allow your computer to restart.

    Now that your PC is clean, follow these steps to keep it clean and protected:

    • Delete the folder (if it exists): HijackThis backups
    • Use an alternative, safer browser:
      Firefox or Opera
    • Use a firewall - it is extremely important for protecting your computer.
      Good free options are:
      Comodo Firewall Pro
      Online Armor Free edition
    • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
    • Visit the Secunia Software Inspector and check the update status of your programs.
    • Keep your programs properly updated.
      Being up to date is being safe. Click here

    Some extra utilities that can increase your computer's protection:

    • IE/Spyad <=
      IE/Spyad adds over 4000 websites and domains to IE's restricted sites list.
    • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
    • Google Toolbar <= The Google toolbar blocks pop-ups.

    It was a pleasure to help

  • Topic author
  • The modem and the Memory Card are still showing the Autorun.Inf. That is, I cannot access them. A message appears saying they are "write-protected". The Autorun only appears when I uncheck "Hide protected operating system files" under folder options / show hidden files. There is a PowerPoint file on the Memory Card that I did not run because I was afraid to.

    Thank you

    Edited by claudiamodolo
    Topic lock suspended

  • Topic author
  • Below is the log generated by ComboFix, but it still cannot access either the modem or the Memory Card. The following message appears: Windows - Write protection error

    Exception Processing Message
    0xc00000a2 Parameters 0x75FE023C
    0x75FE023C 0x84DEE2C
    0x75FE023C

    ComboFix log

    ComboFix 08-10-23.08 - Roberto 2008-10-29 20:36:38.2 - NTFSx86

    Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.297 [GMT -2:00]

    Running from: C:\Users\Roberto\Desktop\ComboFix.exe

    .

    Error: Cfiles.dat

    (((((((((((((((( Files created from 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))

    .

    2008-10-29 17:19 . 2008-10-29 17:18 410,976 --a------ C:\Windows\System32\deploytk.dll

    2008-10-24 15:17 . 2008-10-24 15:18 144,828,864 --a------ C:\Windows\MEMORY.DMP

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\rsit

    2008-10-23 13:54 . 2008-10-23 13:55 <DIR> d-------- C:\Program Files\trend micro

    2008-10-21 19:59 . 2008-10-21 19:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\HPAppData

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Users\All Users\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\ProgramData\Avira

    2008-10-18 14:28 . 2008-10-18 14:28 <DIR> d-------- C:\Program Files\Avira

    2008-10-16 20:31 . 2008-10-20 21:59 <DIR> d-------- C:\Users\Roberto\AppData\Roaming\Desktopicon

    2008-10-16 20:31 . 2008-10-27 20:01 <DIR> d-------- C:\Program Files\Unlocker

    2008-10-16 19:20 . 2008-10-23 18:21 <DIR> d-------- C:\PenClean

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

    2008-10-16 11:19 . 2008-10-16 11:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

    2008-10-15 17:52 . 2008-09-18 00:03 2,027,520 --a------ C:\Windows\System32\win32k.sys

    2008-10-15 17:51 . 2008-08-25 23:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys

    2008-10-15 17:47 . 2008-09-18 02:35 3,505,208 --a------ C:\Windows\System32\ntkrnlpa.exe

    2008-10-15 17:47 . 2008-09-18 02:35 3,470,904 --a------ C:\Windows\System32\ntoskrnl.exe

    2008-10-11 15:21 . 2008-10-16 12:33 <DIR> d-------- C:\Program Files\Opera

    2008-10-10 19:47 . 2008-10-21 20:00 152,026 --a------ C:\Windows\hpoins14.dat

    2008-10-10 19:47 . 2007-06-05 21:07 2,000 --------- C:\Windows\hpomdl14.dat

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2008-10-03 13:13 . 2008-10-03 13:14 <DIR> d-------- C:\Program Files\iTunes

    2008-10-03 13:13 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\iPod

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-10-29 19:27 --------- d-----w C:\Program Files\Spyware Doctor

    2008-10-29 19:26 --------- d---a-w C:\ProgramData\TEMP

    2008-10-29 15:37 --------- d-----w C:\ProgramData\Google Updater

    2008-10-29 15:28 --------- d-----w C:\ProgramData\HP Product Assistant

    2008-10-27 22:33 --------- d-----w C:\Program Files\Java

    2008-10-23 20:47 --------- d-----w C:\ProgramData\GbPlugin

    2008-10-23 20:47 --------- d-----w C:\Program Files\GbPlugin

    2008-10-20 22:16 --------- d-----w C:\Program Files\HP

    2008-10-16 20:49 --------- d-----w C:\Program Files\Marcos Velasco Security

    2008-10-15 20:33 --------- d-----w C:\Program Files\Windows Mail

    2008-10-09 22:59 --------- d-----w C:\Program Files\Bonjour

    2008-10-09 22:44 --------- d-----w C:\Program Files\Google

    2008-10-09 14:47 --------- d-----w C:\Users\Roberto\AppData\Roaming\PC Suite

    2008-10-05 14:30 262,144 ----a-w C:\ProgramData\ntuser.dat

    2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2008-09-20 15:04 --------- d-----w C:\Program Files\QuickTime

    2008-09-20 15:03 --------- d-----w C:\Program Files\Common Files\Apple

    2008-09-18 23:54 --------- d-----w C:\ProgramData\FLEXnet

    2008-09-14 20:31 2,560 ----a-w C:\Windows\_MSRSTRT.EXE

    2008-09-14 20:30 --------- d-----w C:\ProgramData\SpeedBit

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Sidebar

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Journal

    2008-09-12 15:52 --------- d-----w C:\Program Files\Windows Collaboration

    2008-09-12 15:52 --------- d-----w C:\Program Files\Mobile Partner

    2008-09-05 22:50 --------- d-----w C:\Program Files\Unity

    2008-08-30 18:18 --------- d-----w C:\ProgramData\WLInstaller

    2008-08-17 15:58 795,278,976 ----a-w C:\Users\Roberto\ADBEILSTCS3_WWE.exe

    2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

    2008-07-11 18:30 174 --sha-w C:\Program Files\desktop.ini

    2008-02-01 14:13 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys

    .

    (((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]

    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-05 155648]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185632]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-17 29744]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]

    "S3Trayp"="S3trayp.exe" [2007-07-05 C:\Windows\System32\s3trayp.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "LogonHoursAction"= 2 (0x2)

    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\Windows\Downloaded Program Files\CONFLICT.7\gbiehabn.dll" [2008-05-16 369064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{019F7DE6-E7E4-4F18-B9C2-CFB4693CDD2A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "TCP Query User{862AF939-1A50-41E1-897A-F1F3C02F954E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "UDP Query User{2794B9A3-1E93-4940-A419-24957A25C84E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "{AC130160-D329-48D8-8DF2-AE0727BFEE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{B38BAA76-2732-4A8B-8F89-9A54931DCDF7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{02B13162-7C41-4D43-9399-AE28DED9D470}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

    "{5B5D6846-2A83-4BF4-A266-FD9A2A949B5D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-07-05 45568]

    R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-07-05 843776]

    S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-02-07 240128]

    S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-17 29744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]

    \shell\Auto\command - F:\MicrosoftPowerPoint.exe

    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]

    \shell\AutoRun\command - E:\AutoRun.exe

    .

    Contents of the 'Scheduled Tasks' folder

    2008-10-29 C:\Windows\Tasks\User_Feed_Synchronization-{836B7669-B7D6-4620-891B-7367ACB3739B}.job

    - C:\Windows\system32\msfeedssync.exe [2006-11-02 07:45]

    .

    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\led8zgux.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hotmail.com/

    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1070.1219\npCIDetect11.dll

    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-10-29 21:00:27

    Windows 6.0.6000 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe

    -> C:\Program Files\Unlocker\UnlockerHook.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Windows\System32\audiodg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\Windows\System32\PAStiSvc.exe

    C:\Windows\System32\drivers\XAudio.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\System32\conime.exe

    C:\Program Files\Apoint2K\ApMsgFwd.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Apoint2K\ApntEx.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\System32\dllhost.exe

    .

    **************************************************************************

    .

    Completion time: 2008-10-29 21:07:10 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-10-29 23:06:57

    ComboFix2.txt 2008-10-29 20:00:16

    ComboFix3.txt 2008-10-24 17:27:52

    Pre-Run: 20.107.599.872 bytes free

    Post-Run: 19,995,512,832 bytes free

    196 --- E O F --- 2008-10-29 19:16:32

    Thank you,

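The two posts above describe one symptom: an Autorun.inf on the modem and on the memory card, both drives reported as write-protected, and a "PowerPoint" file on the card that the author wisely did not open. The ComboFix log then records, under the user's mountpoints2 keys, shell handlers for two volumes that launch F:\MicrosoftPowerPoint.exe (once directly, once through a RunDLL32 ShellExec_RunDLL indirection) and E:\AutoRun.exe, and a PublicProfile firewall with EnableFirewall = 0. Below is an added example, not part of the thread and not the helper's or ComboFix's code: a small Python triage script that pulls those two kinds of entries out of ComboFix log text. The sample input is constructed from the log lines quoted above; the "suspicious" heuristic (an executable launched from a drive other than the system drive) and the assumption that C: is the system drive are mine, so a legitimate CD/DVD autorun will be flagged as well and the results still need manual review.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the mountpoints2 and firewall-policy lines quoted
# from the ComboFix log posted above (the rest of the log is omitted here).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c76496e-6952-11dd-8bd0-00140b37355d}]
\shell\Auto\command - F:\MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b499ed80-80df-11dd-bd9c-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoRun.exe
"""

# File types an autorun handler can execute directly (heuristic list, my assumption).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js"}

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY...\key] header lines
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-fA-F-]+\})$", re.IGNORECASE)
HANDLER_RE = re.compile(r"^\\shell\\(\w+)\\command - (.+)$")   # \shell\<verb>\command - <cmd>
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


@dataclass
class AutorunEntry:
    volume_guid: str   # the {GUID} under mountpoints2 that identifies the volume
    verb: str          # Auto, AutoRun, open, explore, ...
    command: str       # the raw command line as ComboFix recorded it
    target: str        # the file the handler ultimately launches

    @property
    def drive(self) -> str:
        """Drive letter of the target, or '' if the target is not a drive path."""
        return self.target[0].upper() if len(self.target) > 1 and self.target[1] == ":" else ""

    def is_suspicious(self, system_drive: str = "C") -> bool:
        """Flag handlers that run an executable from a drive other than the system
        drive: the pattern of an autorun worm carried on removable media (the
        fake MicrosoftPowerPoint.exe on F: in the log). Legitimate CD/DVD
        autoruns match too, so this is a triage hint, not a verdict."""
        name = self.target.rsplit("\\", 1)[-1].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        return self.drive not in ("", system_drive.upper()) and ext in EXEC_EXTS


def launched_target(command: str) -> str:
    """Strip the RunDLL32 Shell32.DLL,ShellExec_RunDLL indirection seen in the
    log: the file that actually runs is the argument after ShellExec_RunDLL."""
    marker = "ShellExec_RunDLL"
    idx = command.find(marker)
    return command[idx + len(marker):].strip() if idx != -1 else command.strip()


def parse_mountpoints(log_text: str) -> list[AutorunEntry]:
    """Collect every \\shell\\<verb>\\command handler listed under a mountpoints2 key."""
    entries: list[AutorunEntry] = []
    current_volume = None
    for line in log_text.splitlines():
        line = line.strip()                 # ComboFix output is indented in the post
        sec = SECTION_RE.match(line)
        if sec:
            mp = MOUNTPOINT_RE.search(sec.group(1))
            current_volume = mp.group(1) if mp else None
            continue
        handler = HANDLER_RE.match(line)
        if handler and current_volume:
            verb, command = handler.groups()
            entries.append(AutorunEntry(current_volume, verb, command, launched_target(command)))
    return entries


def disabled_firewall_profiles(log_text: str) -> list[str]:
    """Return the firewallpolicy profiles whose EnableFirewall value is 0."""
    profiles: list[str] = []
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1).rsplit("\\", 1)[-1]   # last key component, e.g. PublicProfile
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group(1) == "0" and current:
            profiles.append(current)
    return profiles


def report(log_text: str) -> list[str]:
    """Human-readable findings: suspicious autorun handlers, then disabled firewall profiles."""
    findings = [f"{e.volume_guid} shell\\{e.verb} -> {e.target}"
                for e in parse_mountpoints(log_text) if e.is_suspicious()]
    findings += [f"firewall disabled: {p}" for p in disabled_firewall_profiles(log_text)]
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, the script lists the three handlers on F: and E: and the disabled PublicProfile firewall. ComboFix only records what the mountpoints2 keys say; the next step is to inspect the files on the media themselves (ideally from a machine with autorun disabled), not to run them, which is exactly the instinct the author showed.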

    Hello

    Run an online scan with the Eset Online Scanner

    • Note: only compatible with Internet Explorer
    • Check the box "SIM, aceito as condições de uso"
    • Click the "Iniciar" button
    • Check the box "YES, I accept the Terms of Use".
    • Click the Start button.
    • When prompted, accept the license and install the ActiveX control.
    • Make sure that the option "Remove found threats" is NOT checked and that the option "Scan unwanted applications" IS checked.
    • In your next reply, generate and paste a new HijackThis log and the scan result (C:\Program Files\EsetOnlineScanner\log.txt)

  • Topic author
  • I tried several times to run the Free Eset Online Virus Scan. Even running it as Administrator, the following error message appears: Error: Cannote initialize Online Scanner. Administrator rights require.

    Thank you,


    Hello,

    Click HERE to run an online scan with ActiveScan

    • Note: only compatible with Internet Explorer

    Guest
    This topic is closed to new posts.