This topic has been archived and is closed to new replies.

jeanjcds

[Solved] My desktop disappeared


This happened a few days ago, but since I couldn't fix it I was referred to this forum.

 

Here is my log

Logfile of HijackThis v1.99.1

Scan saved at 11:30:03, on 01/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\PnkBstrA.exe

F:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

F:\WINDOWS\system32\svchost.exe

F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe

F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

F:\WINDOWS\system32\taskmgr.exe

F:\WINDOWS\explorer.exe

F:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

F:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

F:\LinhaDefenciva\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gg-game.com/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [WatchDog] F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\RunOnce: [VistaTheme] F:\WINDOWS\VistaMizer\Theme.exe /S

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightDialer] F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE

O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O9 - Extra 'Tools' menuitem: Congoo Netpass - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCE366E-E620-4B91-A35D-EF8FC85C3B2F}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: LMIinit - F:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: PCANotify - F:\WINDOWS\SYSTEM32\PCANotify.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)

O23 - Service: NBService - Nero AG - F:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDEngine - Raxco Software, Inc. - F:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - F:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe

 

Thanks in advance

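Editor's note, not part of the original thread: the one line in the log above that a responder reads first is `F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe`. Winlogon treats the Shell value as a comma-separated list and launches every entry as a shell, so this configuration starts a second program called svchost.exe (resolved through the search path, not by full path) beside Explorer. The legitimate svchost.exe is started by services.exe, never as a shell, so the entry is worth verifying even though the log alone cannot prove which binary it resolves to. The script below is an added example of the triage a practitioner would run over a HijackThis v1.99 log: it flags extra shell programs, orphaned COM registrations marked `(no file)`, services with a missing binary or unknown owner, and reports the O17 DNS servers for comparison against the ISP. The sample lines are copied from, or modelled on, the log posted above; the rule set and the `triage` / `shell_entries` names are this example's own.

```python
"""Triage a HijackThis v1.99 log for the persistence points a responder
checks first.  Added example for this thread; not HijackThis code and not
part of the original post.  SAMPLE_LOG is constructed from lines in the
log posted above."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCE366E-E620-4B91-A35D-EF8FC85C3B2F}: NameServer = 201.10.120.3 201.10.1.2
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "F2", "O23"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Programs that are legitimately listed as the Winlogon shell.
EXPECTED_SHELL = {"explorer.exe"}

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def shell_entries(value):
    """Split a Winlogon 'Shell=' value into the programs Winlogon will
    launch.  Winlogon reads the value as a comma-separated list and starts
    every entry, so 'explorer.exe ,svchost.exe' runs two programs."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def triage(log_text):
    """Return the Findings for a HijackThis log given as one string."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue            # process list, headers, blank lines
        section, body = m.groups()

        # F0/F2: Shell/Userinit overrides from system.ini or the registry.
        if section.startswith("F"):
            sm = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
            if sm:
                extra = [e for e in shell_entries(sm.group(1))
                         if e not in EXPECTED_SHELL]
                if extra:
                    findings.append(Finding(
                        section, "extra shell program(s): " + ", ".join(extra), line))

        # CLSID still registered but the DLL is gone: orphan, safe to fix.
        if body.endswith("(no file)"):
            findings.append(Finding(
                section, "registered COM object with no file", line))

        # O17: DNS servers pinned on an interface.  Report them so the
        # operator can compare them with the ISP's; the log alone cannot
        # tell a legitimate ISP resolver from a hijacked one.
        if section == "O17":
            nm = re.search(r"NameServer = (.*)$", body)
            if nm:
                findings.append(Finding(
                    section, "verify DNS servers against ISP: " + nm.group(1), line))

        # O23: services whose binary is missing or whose owner is unknown.
        if section == "O23":
            if "(file missing)" in body:
                findings.append(Finding(section, "service binary missing", line))
            elif "Unknown owner" in body:
                findings.append(Finding(
                    section, "service with unknown owner; verify the binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is to see the findings for the sample, or pipe a saved HijackThis log into `triage(open(path).read())`. Entries it does not flag (the NVIDIA Run key in the sample) are not thereby cleared; the script narrows the list, the responder still verifies each hit, for instance by checking which svchost.exe the Shell entry resolves to.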

Hey jeanjcds,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at F:\ComboFix.txt;

5) Do not click in the ComboFix window, and do not close it with the X, while the tool is running, because that will break your desktop configuration (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) Please paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Regards.


Sorry for the delay, I had gone on a trip!

 

Here are the two logs

 

ComboFix 08-02.05.3 - Jean 2008-02-07 22:03:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1643 [GMT -2:00]

Executando de: F:\LinhaDefenciva\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

F:\Arquivos de programas\myglobalsearch

F:\Arquivos de programas\myglobalsearch\bar\History\search

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\NPF

 

 

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))

.

 

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-07 20:19 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-07 18:40 . 2008-02-07 20:02 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-07 18:40 . 2008-02-07 18:40 9,216 --a------ F:\WINDOWS\system32\avgwlntf.dll

2008-01-31 21:35 . 2008-01-31 21:35 8,294,454 --a------ F:\WINDOWS\startup.bmp

2008-01-31 21:35 . 2004-08-04 01:45 219,648 --a------ F:\WINDOWS\system32\uxtheme.backup

2008-01-31 21:33 . 2008-01-31 21:35 <DIR> d-------- F:\WINDOWS\VistaMizer

2008-01-31 20:40 . 2008-01-31 20:40 1,917 --a------ F:\WINDOWS\imsins.BAK

2008-01-30 17:42 . 2006-04-29 14:25 40,960 --a------ F:\WINDOWS\system32\psfind.dll

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Aston

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> dr------- F:\Arquivos de programas\Aston

2008-01-29 11:57 . 2008-01-29 12:14 <DIR> d-------- F:\Arquivos de programas\Karaoke Video

2008-01-29 11:18 . 2008-01-29 11:18 0 --a------ F:\WINDOWS\RealOrch.INI

2008-01-28 20:03 . 2008-02-07 20:02 <DIR> d-------- F:\Arquivos de programas\Mediacenter

2008-01-28 10:03 . 2008-01-29 10:42 <DIR> d-------- F:\Arquivos de programas\phenomedia

2008-01-27 11:40 . 2008-01-29 20:29 <DIR> d-------- F:\Arquivos de programas\Cartoon Network All-Stars

2008-01-27 00:45 . 2008-01-28 15:52 22,328 --a------ F:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-27 00:45 . 2008-01-27 00:45 22,328 --a------ F:\Documents and Settings\Jean\Dados de aplicativos\PnkBstrK.sys

2008-01-27 00:44 . 2008-01-28 15:52 107,832 --a------ F:\WINDOWS\system32\PnkBstrB.exe

2008-01-27 00:44 . 2008-01-28 15:52 66,872 --a------ F:\WINDOWS\system32\PnkBstrA.exe

2008-01-27 00:10 . 2008-01-27 00:10 285 --a------ F:\WINDOWS\game.ini

2008-01-26 15:39 . 2008-01-26 15:39 <DIR> d-------- F:\Arquivos de programas\Crazy Machines - Neues aus dem Labor

2008-01-25 19:40 . 2008-01-31 12:53 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Bioshock

2008-01-25 14:04 . 2007-10-03 10:42 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr-h----- F:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-01-25 00:47 . 2008-01-25 00:47 <DIR> d-------- F:\Arquivos de programas\Konami

2008-01-24 22:02 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll

2008-01-24 22:02 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll

2008-01-24 22:02 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll

2008-01-24 22:02 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll

2008-01-24 22:02 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll

2008-01-24 22:00 . 2008-01-24 22:02 <DIR> d--h----- F:\WINDOWS\msdownld.tmp

2008-01-24 21:56 . 2008-01-24 21:56 <DIR> d-------- F:\Arquivos de programas\LevelUpGames

2008-01-24 15:10 . 2008-02-07 00:18 <DIR> d-------- F:\Arquivos de programas\LogMeIn

2008-01-24 15:10 . 2007-11-15 18:46 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll

2008-01-24 15:10 . 2007-11-15 18:46 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll

2008-01-24 15:10 . 2007-08-03 15:09 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-01-24 15:10 . 2007-11-15 18:46 21,496 --a------ F:\WINDOWS\system32\LMIport.dll

2008-01-19 19:49 . 2008-01-19 19:49 <DIR> d-------- F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

2008-01-19 17:01 . 2008-01-19 17:01 774,144 --a------ F:\Arquivos de programas\RngInterstitial.dll

2008-01-16 22:16 . 2008-01-17 10:02 <DIR> d-------- F:\WINDOWS\NV52525556.TMP

2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- F:\Arquivos de programas\NVIDIA Corporation

2008-01-15 09:52 . 2008-01-15 09:52 <DIR> d-------- F:\naruto

2008-01-13 15:43 . 2008-01-13 15:43 <DIR> d-------- F:\TEXCACHE

2008-01-13 15:30 . 2008-01-13 22:41 <DIR> d-------- F:\Arquivos de programas\Cenega

2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- F:\Arquivos de programas\AquaMark3

2008-01-12 20:13 . 1999-10-21 11:12 20,400 --a------ F:\WINDOWS\system32\drivers\entech.sys

2008-01-11 13:15 . 2008-01-11 13:16 90 --a------ F:\WINDOWS\graphedit.INI

2008-01-09 19:12 . 2008-01-09 19:43 <DIR> d-------- F:\Arquivos de programas\Central de Jogos

2008-01-09 19:12 . 2001-04-04 16:01 2,023,424 -ra------ F:\WINDOWS\system32\vcl50.bpl

2008-01-09 19:12 . 2001-11-14 17:48 692,736 -ra------ F:\WINDOWS\system32\firstclass2000_vcl5.bpl

2008-01-09 19:12 . 2001-04-04 16:01 558,080 -ra------ F:\WINDOWS\system32\vcldb50.bpl

2008-01-09 19:12 . 2001-04-04 16:01 387,072 -ra------ F:\WINDOWS\system32\dss50.bpl

2008-01-09 19:12 . 1997-05-29 17:29 315,904 --a------ F:\WINDOWS\IsUn0416.exe

2008-01-09 19:12 . 2001-04-04 16:01 300,032 -ra------ F:\WINDOWS\system32\vclbde50.bpl

2008-01-09 19:12 . 2001-04-04 16:01 248,832 -ra------ F:\WINDOWS\system32\vclx50.bpl

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-07 22:02 --------- d-----w F:\Arquivos de programas\whInstall

2008-02-07 20:29 --------- d-----w F:\Arquivos de programas\eMule

2008-01-31 23:35 219,648 ----a-w F:\WINDOWS\system32\uxtheme.dll

2008-01-30 19:47 --------- d-----w F:\Arquivos de programas\GameVicio

2008-01-30 19:36 --------- d--h--w F:\Arquivos de programas\InstallShield Installation Information

2008-01-30 19:36 --------- d-----w F:\Arquivos de programas\THQ

2008-01-29 15:05 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Real

2008-01-27 14:00 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Skype

2008-01-25 16:00 --------- d-----w F:\Arquivos de programas\Alawar

2008-01-19 19:01 --------- d-----w F:\Arquivos de programas\Real

2008-01-14 21:44 --------- d-----w F:\Arquivos de programas\Warcraft III

2008-01-13 17:24 --------- d-----w F:\Arquivos de programas\ClocX

2008-01-08 00:18 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\DataLayer

2008-01-05 09:47 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-04 11:31 83,168 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL

2008-01-04 11:31 104,144 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Symantec

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-03 01:52 --------- d-----w F:\Arquivos de programas\Yahoo!

2008-01-03 01:36 --------- d-----w F:\Arquivos de programas\Gabest

2008-01-03 01:34 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-03 00:41 --------- d-----w F:\Arquivos de programas\SopCast

2008-01-03 00:00 --------- d-----w F:\Arquivos de programas\Windows Media Connect 2

2008-01-02 19:24 --------- d-----w F:\Arquivos de programas\PluginLetras

2008-01-02 18:25 --------- d-----w F:\Arquivos de programas\Firebird

2008-01-02 18:17 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\HK-Software

2008-01-02 18:16 --------- d-----w F:\Arquivos de programas\HK-Software

2007-12-23 13:29 --------- d-----w F:\Arquivos de programas\Messenger Plus! Live

2007-12-20 15:31 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\PlayFirst

2007-12-20 02:02 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-12-20 01:21 --------- d-----w F:\Arquivos de programas\Activision Value

2007-12-19 20:07 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Escape From Paradise

2007-12-19 17:33 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Home Sweet Home

2007-12-19 16:47 --------- d-----w F:\Arquivos de programas\Trymedia

2007-12-19 15:58 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2007-12-19 15:42 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Gamelab

2007-12-19 15:23 --------- d-----w F:\Arquivos de programas\Green Land Studios

2007-12-19 13:53 --------- d-----w F:\Arquivos de programas\ReflexiveArcade

2007-12-15 16:39 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Jane s Hotel

2007-12-14 14:45 360,448 ----a-w F:\WINDOWS\system32\NVUNINST.EXE

2007-12-12 22:01 425,984 ----a-w F:\WINDOWS\ntuneoem.dll

2007-12-12 22:01 29,696 ----a-w F:\WINDOWS\nvoclock.sys

2007-12-12 21:58 36,384 ----a-w F:\WINDOWS\nvflash.sys

2007-12-12 00:11 --------- d-----w F:\Arquivos de programas\K-Lite Codec Pack

2007-12-11 15:19 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\pdfdoc2.dll

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\psconvert

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\PDF-Convert

2007-12-09 11:59 --------- d-----w F:\Arquivos de programas\DAEMON Tools

2007-12-08 12:11 --------- d-----w F:\Arquivos de programas\Crystal Player

2007-12-08 12:10 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Media Player Classic

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w F:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 6,901,760 ----a-w F:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w F:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w F:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w F:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w F:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w F:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w F:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w F:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 356,352 ----a-w F:\WINDOWS\system32\nvudisp.exe

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 3,710,976 ----a-w F:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w F:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w F:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w F:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w F:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w F:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w F:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w F:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w F:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w F:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w F:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w F:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w F:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w F:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w F:\WINDOWS\system32\nvwimg.dll

2007-11-28 03:17 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

2007-11-15 20:46 23,736 ----a-w F:\WINDOWS\system32\lmimirr.dll

2007-11-15 20:46 10,040 ----a-w F:\WINDOWS\system32\lmimirr2.dll

2007-11-09 10:49 1 ----a-w F:\Documents and Settings\Jean\SI.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40498DEF-8B13-44A6-A1A7-69DFE36E9210}]

2007-03-05 18:39 915160 --------- F:\Arquivos de programas\Congoo Netpass\congootb.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{40498DEF-8B13-44A6-A1A7-69DFE36E9210}

 

[HKEY_CLASSES_ROOT\clsid\{40498def-8b13-44a6-a1a7-69dfe36e9210}]

[HKEY_CLASSES_ROOT\congootb.Band.1]

[HKEY_CLASSES_ROOT\TypeLib\{7AB2CD40-C33A-4C5A-B701-A68541DFF7DF}]

[HKEY_CLASSES_ROOT\congootb.Band]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]

"LightDialer"="F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE" [2004-08-16 09:48 864256]

"NVIDIA nTune"="F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 20:00 106496]

"MSMSGS"="F:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1825792]

"eMuleAutoStart"="F:\Arquivos de programas\eMule\emule.exe" [2007-05-13 12:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 F:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"WatchDog"="F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42 36864]

"C6501Sound"="c6501.cpl" []

"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"LogMeIn GUI"="F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"AVG7_CC"="F:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 18:40 579072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"VistaTheme"="F:\WINDOWS\VistaMizer\Theme.exe" [2007-12-23 15:28 101783]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 25088]

"AVG7_Run"="F:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-07 18:40 219136]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-02-07 18:40 9216 F:\WINDOWS\system32\avgwlntf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 F:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2007-04-27 12:10 18744 F:\WINDOWS\system32\PCANotify.dll

 

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2007-10-08 06:54 6338872 F:\Arquivos de programas\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1825792 F:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 F:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-11 01:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2006-06-05 12:06 188416 F:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ALG"=3 (0x3)

 

R0 Defrag32b;Defrag32Boot;F:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 12:33]

R2 Defrag32;Defrag32;F:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 12:33]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-01-31 01:05]

R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 NVR0FLASHDev;NVR0FLASHDev;F:\WINDOWS\nvflash.sys [2007-12-12 19:58]

R2 PDSched;PDScheduler;"F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 12:16]

R2 UpdateCenterService;Update Center Service;F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe [2007-12-12 19:59]

R3 cm102u32;C-Media CM6501 Like Sound Interface;F:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-01-31 01:05]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);F:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]

S3 PciCon;PciCon;E:\PciCon.sys []

S3 usb2vcom;Nokia CA-42 USB;F:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-04-03 05:41]

S3 XDva030;XDva030;F:\WINDOWS\system32\XDva030.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\doNada.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\Autorun.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-30 00:31:00 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- F:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 22:06:01

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-07 22:06:36

ComboFix-quarantined-files.txt 2008-02-08 00:06:16

.

2008-01-13 14:26:00 --- E O F ---

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:24:01, on 07/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

F:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

F:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

F:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

F:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\PnkBstrA.exe

F:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

F:\WINDOWS\system32\svchost.exe

F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe

F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

F:\WINDOWS\explorer.exe

F:\WINDOWS\system32\wuauclt.exe

F:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

F:\LinhaDefenciva\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gg-game.com/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [WatchDog] F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe

O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AVG7_CC] F:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\RunOnce: [VistaTheme] F:\WINDOWS\VistaMizer\Theme.exe /S

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightDialer] F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE

O4 - HKCU\..\Run: [NVIDIA nTune] "F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile

O4 - HKCU\..\Run: [MSMSGS] "F:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O9 - Extra 'Tools' menuitem: Congoo Netpass - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - F:\Arquivos de programas\Congoo Netpass\congootb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCE366E-E620-4B91-A35D-EF8FC85C3B2F}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgwlntf - F:\WINDOWS\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: LMIinit - F:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: PCANotify - F:\WINDOWS\SYSTEM32\PCANotify.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - F:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)

O23 - Service: NBService - Nero AG - F:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDEngine - Raxco Software, Inc. - F:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - F:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Arquivos de programas\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe


Hi jeanjcds,

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;

* Once the scan is finished, click Remove Vundo;

* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will disappear (this is normal);

* To complete the scan the machine will need to be restarted. Click OK;

* Please post the VundoFix log (F:\vundofix.txt) in your next reply, together with fresh ComboFix and HijackThis logs.

Regards.


This is what came out of Vundo:


VundoFix V6.7.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 23:10:24 07/02/2008

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...


Hi jeanjcds,

Follow the instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text included in the "Quote":

File::

E:\autorun.exe

F:\WINDOWS\imsins.BAK

F:\WINDOWS\RealOrch.INI

F:\WINDOWS\graphedit.INI

F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

F:\WINDOWS\NV52525556.TMP

F:\WINDOWS\IsUn0416.exe

H:\setup.exe

I:\doNada.exe

J:\autorun.exe

K:\Autorun.exe

 

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.


ComboFix 08-02.05.3 - Jean 2008-02-10 10:16:13.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1511 [GMT -2:00]

Executando de: F:\LinhaDefenciva\ComboFix.exe

Command switches used :: F:\LinhaDefenciva\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

E:\autorun.exe

F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

F:\WINDOWS\graphedit.INI

F:\WINDOWS\imsins.BAK

F:\WINDOWS\IsUn0416.exe

F:\WINDOWS\NV52525556.TMP

F:\WINDOWS\RealOrch.INI

H:\setup.exe

I:\doNada.exe

J:\autorun.exe

K:\Autorun.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

F:\WINDOWS\graphedit.INI

F:\WINDOWS\IsUn0416.exe

F:\WINDOWS\RealOrch.INI

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-08 00:14 . 2007-06-29 14:47 34,304 --a------ F:\WINDOWS\system32\drivers\AmdLLD.sys

2008-02-07 23:51 . 2008-02-08 00:14 <DIR> d-------- F:\Arquivos de programas\AMD

2008-02-07 23:10 . 2008-02-07 23:10 <DIR> d-------- F:\VundoFix Backups

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-09 08:00 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-07 18:40 . 2008-02-07 20:02 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-07 18:40 . 2008-02-07 18:40 9,216 --a------ F:\WINDOWS\system32\avgwlntf.dll

2008-01-31 21:35 . 2008-01-31 21:35 8,294,454 --a------ F:\WINDOWS\startup.bmp

2008-01-31 21:35 . 2004-08-04 01:45 219,648 --a------ F:\WINDOWS\system32\uxtheme.backup

2008-01-31 21:33 . 2008-01-31 21:35 <DIR> d-------- F:\WINDOWS\VistaMizer

2008-01-30 17:42 . 2006-04-29 14:25 40,960 --a------ F:\WINDOWS\system32\psfind.dll

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Aston

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> dr------- F:\Arquivos de programas\Aston

2008-01-29 11:57 . 2008-01-29 12:14 <DIR> d-------- F:\Arquivos de programas\Karaoke Video

2008-01-28 20:03 . 2008-02-07 20:02 <DIR> d-------- F:\Arquivos de programas\Mediacenter

2008-01-28 10:03 . 2008-01-29 10:42 <DIR> d-------- F:\Arquivos de programas\phenomedia

2008-01-27 11:40 . 2008-01-29 20:29 <DIR> d-------- F:\Arquivos de programas\Cartoon Network All-Stars

2008-01-27 00:45 . 2008-01-28 15:52 22,328 --a------ F:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-27 00:45 . 2008-01-27 00:45 22,328 --a------ F:\Documents and Settings\Jean\Dados de aplicativos\PnkBstrK.sys

2008-01-27 00:44 . 2008-01-28 15:52 107,832 --a------ F:\WINDOWS\system32\PnkBstrB.exe

2008-01-27 00:44 . 2008-01-28 15:52 66,872 --a------ F:\WINDOWS\system32\PnkBstrA.exe

2008-01-27 00:10 . 2008-01-27 00:10 285 --a------ F:\WINDOWS\game.ini

2008-01-26 15:39 . 2008-01-26 15:39 <DIR> d-------- F:\Arquivos de programas\Crazy Machines - Neues aus dem Labor

2008-01-25 19:40 . 2008-01-31 12:53 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Bioshock

2008-01-25 14:04 . 2007-10-03 10:42 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr-h----- F:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-01-25 14:04 . 2008-02-07 22:06 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-01-25 00:47 . 2008-01-25 00:47 <DIR> d-------- F:\Arquivos de programas\Konami

2008-01-24 22:02 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll

2008-01-24 22:02 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll

2008-01-24 22:02 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll

2008-01-24 22:02 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll

2008-01-24 22:02 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll

2008-01-24 22:00 . 2008-01-24 22:02 <DIR> d--h----- F:\WINDOWS\msdownld.tmp

2008-01-24 21:56 . 2008-01-24 21:56 <DIR> d-------- F:\Arquivos de programas\LevelUpGames

2008-01-24 15:10 . 2008-02-10 10:09 <DIR> d-------- F:\Arquivos de programas\LogMeIn

2008-01-24 15:10 . 2007-11-15 18:46 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll

2008-01-24 15:10 . 2007-11-15 18:46 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll

2008-01-24 15:10 . 2007-08-03 15:09 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-01-24 15:10 . 2007-11-15 18:46 21,496 --a------ F:\WINDOWS\system32\LMIport.dll

2008-01-19 19:49 . 2008-01-19 19:49 <DIR> d-------- F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

2008-01-19 17:01 . 2008-01-19 17:01 774,144 --a------ F:\Arquivos de programas\RngInterstitial.dll

2008-01-16 22:16 . 2008-01-17 10:02 <DIR> d-------- F:\WINDOWS\NV52525556.TMP

2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- F:\Arquivos de programas\NVIDIA Corporation

2008-01-15 09:52 . 2008-01-15 09:52 <DIR> d-------- F:\naruto

2008-01-13 15:43 . 2008-01-13 15:43 <DIR> d-------- F:\TEXCACHE

2008-01-13 15:30 . 2008-01-13 22:41 <DIR> d-------- F:\Arquivos de programas\Cenega

2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- F:\Arquivos de programas\AquaMark3

2008-01-12 20:13 . 1999-10-21 11:12 20,400 --a------ F:\WINDOWS\system32\drivers\entech.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-08 23:11 --------- d-----w F:\Arquivos de programas\eMule

2008-02-08 22:08 --------- d-----w F:\Arquivos de programas\Ubisoft

2008-02-08 01:51 --------- d--h--w F:\Arquivos de programas\InstallShield Installation Information

2008-02-07 22:02 --------- d-----w F:\Arquivos de programas\whInstall

2008-01-31 23:35 219,648 ----a-w F:\WINDOWS\system32\uxtheme.dll

2008-01-30 19:47 --------- d-----w F:\Arquivos de programas\GameVicio

2008-01-30 19:36 --------- d-----w F:\Arquivos de programas\THQ

2008-01-29 15:05 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Real

2008-01-27 14:00 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Skype

2008-01-25 16:00 --------- d-----w F:\Arquivos de programas\Alawar

2008-01-19 19:01 --------- d-----w F:\Arquivos de programas\Real

2008-01-13 17:24 --------- d-----w F:\Arquivos de programas\ClocX

2008-01-09 21:43 --------- d-----w F:\Arquivos de programas\Central de Jogos

2008-01-08 00:18 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\DataLayer

2008-01-05 09:47 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-04 11:31 83,168 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL

2008-01-04 11:31 104,144 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Symantec

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-03 01:52 --------- d-----w F:\Arquivos de programas\Yahoo!

2008-01-03 01:36 --------- d-----w F:\Arquivos de programas\Gabest

2008-01-03 01:34 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-03 00:41 --------- d-----w F:\Arquivos de programas\SopCast

2008-01-03 00:00 --------- d-----w F:\Arquivos de programas\Windows Media Connect 2

2008-01-02 19:24 --------- d-----w F:\Arquivos de programas\PluginLetras

2008-01-02 18:25 --------- d-----w F:\Arquivos de programas\Firebird

2008-01-02 18:17 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\HK-Software

2008-01-02 18:16 --------- d-----w F:\Arquivos de programas\HK-Software

2007-12-23 13:29 --------- d-----w F:\Arquivos de programas\Messenger Plus! Live

2007-12-20 15:31 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\PlayFirst

2007-12-20 02:02 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-12-20 01:21 --------- d-----w F:\Arquivos de programas\Activision Value

2007-12-19 20:07 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Escape From Paradise

2007-12-19 17:33 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Home Sweet Home

2007-12-19 16:47 --------- d-----w F:\Arquivos de programas\Trymedia

2007-12-19 15:58 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2007-12-19 15:42 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Gamelab

2007-12-19 15:23 --------- d-----w F:\Arquivos de programas\Green Land Studios

2007-12-19 13:53 --------- d-----w F:\Arquivos de programas\ReflexiveArcade

2007-12-15 16:39 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Jane s Hotel

2007-12-14 14:45 360,448 ----a-w F:\WINDOWS\system32\NVUNINST.EXE

2007-12-12 22:01 425,984 ----a-w F:\WINDOWS\ntuneoem.dll

2007-12-12 22:01 29,696 ----a-w F:\WINDOWS\nvoclock.sys

2007-12-12 21:58 36,384 ----a-w F:\WINDOWS\nvflash.sys

2007-12-12 00:11 --------- d-----w F:\Arquivos de programas\K-Lite Codec Pack

2007-12-11 15:19 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\pdfdoc2.dll

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\psconvert

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\PDF-Convert

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w F:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 6,901,760 ----a-w F:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w F:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w F:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w F:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w F:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w F:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w F:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w F:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 356,352 ----a-w F:\WINDOWS\system32\nvudisp.exe

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 3,710,976 ----a-w F:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w F:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w F:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w F:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w F:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w F:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w F:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w F:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w F:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w F:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w F:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w F:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w F:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w F:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w F:\WINDOWS\system32\nvwimg.dll

2007-11-28 03:17 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

2007-11-15 20:46 23,736 ----a-w F:\WINDOWS\system32\lmimirr.dll

2007-11-15 20:46 10,040 ----a-w F:\WINDOWS\system32\lmimirr2.dll

2007-11-09 10:49 1 ----a-w F:\Documents and Settings\Jean\SI.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40498DEF-8B13-44A6-A1A7-69DFE36E9210}]

2007-03-05 18:39 915160 --------- F:\Arquivos de programas\Congoo Netpass\congootb.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{40498DEF-8B13-44A6-A1A7-69DFE36E9210}

 

[HKEY_CLASSES_ROOT\clsid\{40498def-8b13-44a6-a1a7-69dfe36e9210}]

[HKEY_CLASSES_ROOT\congootb.Band.1]

[HKEY_CLASSES_ROOT\TypeLib\{7AB2CD40-C33A-4C5A-B701-A68541DFF7DF}]

[HKEY_CLASSES_ROOT\congootb.Band]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]

"LightDialer"="F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE" [2004-08-16 09:48 864256]

"NVIDIA nTune"="F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 20:00 106496]

"MSMSGS"="F:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1825792]

"eMuleAutoStart"="F:\Arquivos de programas\eMule\eMule.exe" [2007-05-13 12:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 F:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"WatchDog"="F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42 36864]

"C6501Sound"="c6501.cpl" []

"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"LogMeIn GUI"="F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"AVG7_CC"="F:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 18:40 579072]

"amd_dc_opt"="F:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 25088]

"AVG7_Run"="F:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-07 18:40 219136]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-02-07 18:40 9216 F:\WINDOWS\system32\avgwlntf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 F:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2007-04-27 12:10 18744 F:\WINDOWS\system32\PCANotify.dll

 

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2007-10-08 06:54 6338872 F:\Arquivos de programas\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1825792 F:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 F:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-11 01:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2006-06-05 12:06 188416 F:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ALG"=3 (0x3)

 

R0 Defrag32b;Defrag32Boot;F:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 12:33]

R2 Defrag32;Defrag32;F:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 12:33]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-01-31 01:05]

R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 NVR0FLASHDev;NVR0FLASHDev;F:\WINDOWS\nvflash.sys [2007-12-12 19:58]

R2 PDSched;PDScheduler;"F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 12:16]

R2 UpdateCenterService;Update Center Service;F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe [2007-12-12 19:59]

R3 cm102u32;C-Media CM6501 Like Sound Interface;F:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-01-31 01:05]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);F:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]

S3 PciCon;PciCon;E:\PciCon.sys []

S3 usb2vcom;Nokia CA-42 USB;F:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-04-03 05:41]

S3 XDva030;XDva030;F:\WINDOWS\system32\XDva030.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\doNada.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\Autorun.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-30 00:31:00 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- F:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 10:18:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-10 10:19:17

ComboFix-quarantined-files.txt 2008-02-10 12:18:57

ComboFix2.txt 2008-02-08 00:06:37

.

2008-01-13 14:26:00 --- E O F ---

Thanks for your attention!


Hi jeanjcds,

Follow the instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text included in the "Quote":

File::

F:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

5. Now go to Start -> Run -> type regedit -> click OK.

6. Navigate to the following subkey:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

7. Locate and delete the following folders:

E
H
I
J
K

8. Exit the Registry Editor.

Regards.


ComboFix 08-02.05.3 - Jean 2008-02-10 15:44:41.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1365 [GMT -2:00]

Executando de: F:\LinhaDefenciva\ComboFix.exe

Command switches used :: F:\LinhaDefenciva\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

F:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

F:\Documents and Settings\All Users\Dados de aplicativos\1doc2pdf.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-10 12:27 . 2008-02-10 12:27 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-02-10 10:15 . 2004-08-04 01:45 401,920 --a------ F:\kmd.exe

2008-02-08 00:14 . 2007-06-29 14:47 34,304 --a------ F:\WINDOWS\system32\drivers\AmdLLD.sys

2008-02-07 23:51 . 2008-02-08 00:14 <DIR> d-------- F:\Arquivos de programas\AMD

2008-02-07 23:10 . 2008-02-07 23:10 <DIR> d-------- F:\VundoFix Backups

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-10 12:35 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-07 18:40 . 2008-02-07 20:02 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-07 18:40 . 2008-02-07 18:40 9,216 --a------ F:\WINDOWS\system32\avgwlntf.dll

2008-01-31 21:35 . 2008-01-31 21:35 8,294,454 --a------ F:\WINDOWS\startup.bmp

2008-01-31 21:35 . 2004-08-04 01:45 219,648 --a------ F:\WINDOWS\system32\uxtheme.backup

2008-01-31 21:33 . 2008-01-31 21:35 <DIR> d-------- F:\WINDOWS\VistaMizer

2008-01-30 17:42 . 2006-04-29 14:25 40,960 --a------ F:\WINDOWS\system32\psfind.dll

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Aston

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> dr------- F:\Arquivos de programas\Aston

2008-01-29 11:57 . 2008-01-29 12:14 <DIR> d-------- F:\Arquivos de programas\Karaoke Video

2008-01-28 20:03 . 2008-02-07 20:02 <DIR> d-------- F:\Arquivos de programas\Mediacenter

2008-01-28 10:03 . 2008-01-29 10:42 <DIR> d-------- F:\Arquivos de programas\phenomedia

2008-01-27 11:40 . 2008-01-29 20:29 <DIR> d-------- F:\Arquivos de programas\Cartoon Network All-Stars

2008-01-27 00:45 . 2008-01-28 15:52 22,328 --a------ F:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-27 00:45 . 2008-01-27 00:45 22,328 --a------ F:\Documents and Settings\Jean\Dados de aplicativos\PnkBstrK.sys

2008-01-27 00:44 . 2008-01-28 15:52 107,832 --a------ F:\WINDOWS\system32\PnkBstrB.exe

2008-01-27 00:44 . 2008-01-28 15:52 66,872 --a------ F:\WINDOWS\system32\PnkBstrA.exe

2008-01-27 00:10 . 2008-01-27 00:10 285 --a------ F:\WINDOWS\game.ini

2008-01-26 15:39 . 2008-01-26 15:39 <DIR> d-------- F:\Arquivos de programas\Crazy Machines - Neues aus dem Labor

2008-01-25 19:40 . 2008-01-31 12:53 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Bioshock

2008-01-25 14:04 . 2007-10-03 10:42 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr-h----- F:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-01-25 14:04 . 2008-02-10 10:19 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-01-25 00:47 . 2008-01-25 00:47 <DIR> d-------- F:\Arquivos de programas\Konami

2008-01-24 22:02 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll

2008-01-24 22:02 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll

2008-01-24 22:02 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll

2008-01-24 22:02 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll

2008-01-24 22:02 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll

2008-01-24 22:00 . 2008-01-24 22:02 <DIR> d--h----- F:\WINDOWS\msdownld.tmp

2008-01-24 21:56 . 2008-01-24 21:56 <DIR> d-------- F:\Arquivos de programas\LevelUpGames

2008-01-24 15:10 . 2008-02-10 10:09 <DIR> d-------- F:\Arquivos de programas\LogMeIn

2008-01-24 15:10 . 2007-11-15 18:46 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll

2008-01-24 15:10 . 2007-11-15 18:46 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll

2008-01-24 15:10 . 2007-08-03 15:09 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-01-24 15:10 . 2007-11-15 18:46 21,496 --a------ F:\WINDOWS\system32\LMIport.dll

2008-01-19 19:49 . 2008-01-19 19:49 <DIR> d-------- F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

2008-01-19 17:01 . 2008-01-19 17:01 774,144 --a------ F:\Arquivos de programas\RngInterstitial.dll

2008-01-16 22:16 . 2008-01-17 10:02 <DIR> d-------- F:\WINDOWS\NV52525556.TMP

2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- F:\Arquivos de programas\NVIDIA Corporation

2008-01-15 09:52 . 2008-01-15 09:52 <DIR> d-------- F:\naruto

2008-01-13 15:43 . 2008-01-13 15:43 <DIR> d-------- F:\TEXCACHE

2008-01-13 15:30 . 2008-01-13 22:41 <DIR> d-------- F:\Arquivos de programas\Cenega

2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- F:\Arquivos de programas\AquaMark3

2008-01-12 20:13 . 1999-10-21 11:12 20,400 --a------ F:\WINDOWS\system32\drivers\entech.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 15:47 --------- d-----w F:\Arquivos de programas\eMule

2008-02-10 14:27 --------- d-----w F:\Arquivos de programas\Google

2008-02-08 22:08 --------- d-----w F:\Arquivos de programas\Ubisoft

2008-02-08 01:51 --------- d--h--w F:\Arquivos de programas\InstallShield Installation Information

2008-02-07 22:02 --------- d-----w F:\Arquivos de programas\whInstall

2008-01-31 23:35 219,648 ----a-w F:\WINDOWS\system32\uxtheme.dll

2008-01-30 19:47 --------- d-----w F:\Arquivos de programas\GameVicio

2008-01-30 19:36 --------- d-----w F:\Arquivos de programas\THQ

2008-01-29 15:05 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Real

2008-01-27 14:00 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Skype

2008-01-25 16:00 --------- d-----w F:\Arquivos de programas\Alawar

2008-01-19 19:01 --------- d-----w F:\Arquivos de programas\Real

2008-01-13 17:24 --------- d-----w F:\Arquivos de programas\ClocX

2008-01-09 21:43 --------- d-----w F:\Arquivos de programas\Central de Jogos

2008-01-08 00:18 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\DataLayer

2008-01-05 09:47 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-04 11:31 83,168 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL

2008-01-04 11:31 104,144 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Symantec

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-03 01:52 --------- d-----w F:\Arquivos de programas\Yahoo!

2008-01-03 01:36 --------- d-----w F:\Arquivos de programas\Gabest

2008-01-03 01:34 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-03 00:41 --------- d-----w F:\Arquivos de programas\SopCast

2008-01-03 00:00 --------- d-----w F:\Arquivos de programas\Windows Media Connect 2

2008-01-02 19:24 --------- d-----w F:\Arquivos de programas\PluginLetras

2008-01-02 18:25 --------- d-----w F:\Arquivos de programas\Firebird

2008-01-02 18:17 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\HK-Software

2008-01-02 18:16 --------- d-----w F:\Arquivos de programas\HK-Software

2007-12-23 13:29 --------- d-----w F:\Arquivos de programas\Messenger Plus! Live

2007-12-20 15:31 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\PlayFirst

2007-12-20 02:02 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-12-20 01:21 --------- d-----w F:\Arquivos de programas\Activision Value

2007-12-19 20:07 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Escape From Paradise

2007-12-19 17:33 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Home Sweet Home

2007-12-19 16:47 --------- d-----w F:\Arquivos de programas\Trymedia

2007-12-19 15:58 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2007-12-19 15:42 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Gamelab

2007-12-19 15:23 --------- d-----w F:\Arquivos de programas\Green Land Studios

2007-12-19 13:53 --------- d-----w F:\Arquivos de programas\ReflexiveArcade

2007-12-15 16:39 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Jane s Hotel

2007-12-14 14:45 360,448 ----a-w F:\WINDOWS\system32\NVUNINST.EXE

2007-12-12 22:01 425,984 ----a-w F:\WINDOWS\ntuneoem.dll

2007-12-12 22:01 29,696 ----a-w F:\WINDOWS\nvoclock.sys

2007-12-12 21:58 36,384 ----a-w F:\WINDOWS\nvflash.sys

2007-12-12 00:11 --------- d-----w F:\Arquivos de programas\K-Lite Codec Pack

2007-12-11 15:19 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\pdfdoc2.dll

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\psconvert

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\PDF-Convert

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w F:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 6,901,760 ----a-w F:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w F:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w F:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w F:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w F:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w F:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w F:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w F:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 356,352 ----a-w F:\WINDOWS\system32\nvudisp.exe

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 3,710,976 ----a-w F:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w F:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w F:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w F:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w F:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w F:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w F:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w F:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w F:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w F:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w F:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w F:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w F:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w F:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w F:\WINDOWS\system32\nvwimg.dll

2007-11-15 20:46 23,736 ----a-w F:\WINDOWS\system32\lmimirr.dll

2007-11-15 20:46 10,040 ----a-w F:\WINDOWS\system32\lmimirr2.dll

2007-11-09 10:49 1 ----a-w F:\Documents and Settings\Jean\SI.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40498DEF-8B13-44A6-A1A7-69DFE36E9210}]

2007-03-05 18:39 915160 --------- F:\Arquivos de programas\Congoo Netpass\congootb.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{40498DEF-8B13-44A6-A1A7-69DFE36E9210}

 

[HKEY_CLASSES_ROOT\clsid\{40498def-8b13-44a6-a1a7-69dfe36e9210}]

[HKEY_CLASSES_ROOT\congootb.Band.1]

[HKEY_CLASSES_ROOT\TypeLib\{7AB2CD40-C33A-4C5A-B701-A68541DFF7DF}]

[HKEY_CLASSES_ROOT\congootb.Band]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]

"LightDialer"="F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE" [2004-08-16 09:48 864256]

"NVIDIA nTune"="F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 20:00 106496]

"MSMSGS"="F:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1825792]

"eMuleAutoStart"="F:\Arquivos de programas\eMule\emule.exe" [2007-05-13 12:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 F:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"WatchDog"="F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42 36864]

"C6501Sound"="c6501.cpl" []

"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"LogMeIn GUI"="F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"AVG7_CC"="F:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 18:40 579072]

"amd_dc_opt"="F:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 25088]

"AVG7_Run"="F:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-07 18:40 219136]

 

F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Google Updater.lnk - F:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-02-10 12:27:19 125624]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-02-07 18:40 9216 F:\WINDOWS\system32\avgwlntf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 F:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2007-04-27 12:10 18744 F:\WINDOWS\system32\PCANotify.dll

 

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2007-10-08 06:54 6338872 F:\Arquivos de programas\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1825792 F:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 F:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-11 01:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2006-06-05 12:06 188416 F:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ALG"=3 (0x3)

 

R0 Defrag32b;Defrag32Boot;F:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 12:33]

R2 Defrag32;Defrag32;F:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 12:33]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-01-31 01:05]

R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 NVR0FLASHDev;NVR0FLASHDev;F:\WINDOWS\nvflash.sys [2007-12-12 19:58]

R2 PDSched;PDScheduler;"F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 12:16]

R2 UpdateCenterService;Update Center Service;F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe [2007-12-12 19:59]

R3 cm102u32;C-Media CM6501 Like Sound Interface;F:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-01-31 01:05]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);F:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]

S3 PciCon;PciCon;E:\PciCon.sys []

S3 usb2vcom;Nokia CA-42 USB;F:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-04-03 05:41]

S3 XDva030;XDva030;F:\WINDOWS\system32\XDva030.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\doNada.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\Autorun.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-30 00:31:00 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- F:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 15:46:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-10 15:47:19

ComboFix-quarantined-files.txt 2008-02-10 17:46:59

ComboFix2.txt 2008-02-10 12:19:17

ComboFix3.txt 2008-02-08 00:06:37

.

2008-01-13 14:26:00 --- E O F ---

 

 

I've already deleted the folders

waiting for the next steps


Hey jeanjcds,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

E:\autorun.exe

H:\setup.exe

I:\doNada.exe

J:\autorun.exe

K:\Autorun.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

Step 2

Reboot in Normal Mode.

Post a new ComboFix log.

Best regards.

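Both helper posts work from the same block of the ComboFix log: the subkeys under `mountpoints2` (E, H, I, J, K) are the registry folders to delete, and the `\Shell\AutoRun\command` value under each one is the file handed to Killbox. The Python below is an added example, not code from this thread, from ComboFix or from Linha Defensiva. It pulls those entries out of a ComboFix log so both lists are derived from the log instead of retyped by hand. The sample log text is constructed from the lines posted in this thread, and the layout it assumes (a bracketed key line followed by a `\Shell\AutoRun\command - <path>` line, possibly with blank lines in between) is an assumption about ComboFix's output format.

```python
"""Extract mountpoints2 AutoRun entries from a ComboFix log.

Added example for the Linha Defensiva thread; it is not part of ComboFix.
Layout assumption: a "[HKEY_CURRENT_USER\...\mountpoints2\<subkey>]" line is
followed (blank lines allowed) by a "\Shell\AutoRun\command - <path>" line.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample built from the registry lines posted in the thread.
# The Run key at the end is there to show that unrelated keys are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\doNada.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]
"""

MOUNTPOINTS2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# Key line: "[HKEY_CURRENT_USER\...\mountpoints2\<subkey>]"; subkeys may be a
# drive letter or a volume GUID, so anything up to the closing bracket is taken.
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<subkey>[^\]]+)\]\s*$",
                    re.IGNORECASE)
# Value line: "\Shell\AutoRun\command - <path>"
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>\S.*?)\s*$", re.IGNORECASE)


def parse_mountpoints(log_text: str) -> Dict[str, str]:
    """Map each mountpoints2 subkey to its AutoRun command path."""
    entries: Dict[str, str] = {}
    current = None  # subkey whose command line we are waiting for
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the posted log has blank lines between every line
        key = KEY_RE.match(line)
        if key:
            current = key.group("subkey")
            continue
        if line.startswith("["):
            current = None  # any other registry key ends the block
            continue
        cmd = CMD_RE.match(line)
        if current is not None and cmd:
            entries[current] = cmd.group("cmd")
            current = None
    return entries


def killbox_list(entries: Dict[str, str]) -> List[str]:
    """File paths the AutoRun commands point to, in subkey order (Killbox step)."""
    return [entries[k] for k in sorted(entries)]


def keys_to_delete(entries: Dict[str, str]) -> List[str]:
    """Full registry paths of the subkeys to remove (regedit step)."""
    return [MOUNTPOINTS2 + "\\" + k for k in sorted(entries)]


def root_launchers(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries whose command runs an executable straight from a drive root.

    Removable-media worms register exactly this shape, but so do legitimate
    install discs, so the result is a review list, not a delete list.
    """
    pattern = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|com|bat|cmd|scr|pif)$", re.IGNORECASE)
    return [(k, cmd) for k, cmd in sorted(entries.items()) if pattern.match(cmd)]


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    print("Registry keys to delete:")
    for key in keys_to_delete(found):
        print("  " + key)
    print("Files for Killbox:")
    for path in killbox_list(found):
        print("  " + path)
    print("Root-launched executables to review:", root_launchers(found))
```

Windows caches a per-drive AutoRun command under `mountpoints2` and keeps it after the media is removed, which is why the entries outlived the drives in the logs above; `root_launchers` only flags entries for review, since a game or driver disc produces the same shape.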

hello!

I think I screwed up... I don't know, step 1 didn't go very well, because I didn't do procedures 2, 3 and 4 quite right.

I couldn't get the paths onto the clipboard, neither in Firefox nor in Internet Explorer. consequently step 3 didn't work, and neither did step 4.

here's the log from after I used Killbox

 

ComboFix 08-02.05.3 - Jean 2008-02-10 16:41:11.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1601 [GMT -2:00]

Executando de: F:\LinhaDefenciva\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))

.

 

2008-02-10 15:44 . 2004-08-04 01:45 401,920 --a------ F:\kmd.exe

2008-02-10 12:27 . 2008-02-10 12:27 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-02-08 00:14 . 2007-06-29 14:47 34,304 --a------ F:\WINDOWS\system32\drivers\AmdLLD.sys

2008-02-07 23:51 . 2008-02-08 00:14 <DIR> d-------- F:\Arquivos de programas\AMD

2008-02-07 23:10 . 2008-02-07 23:10 <DIR> d-------- F:\VundoFix Backups

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-10 12:35 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\AVG7

2008-02-07 18:40 . 2008-02-07 18:40 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-07 18:40 . 2008-02-07 20:02 <DIR> d-------- F:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-07 18:40 . 2008-02-07 18:40 9,216 --a------ F:\WINDOWS\system32\avgwlntf.dll

2008-01-31 21:35 . 2008-01-31 21:35 8,294,454 --a------ F:\WINDOWS\startup.bmp

2008-01-31 21:35 . 2004-08-04 01:45 219,648 --a------ F:\WINDOWS\system32\uxtheme.backup

2008-01-31 21:33 . 2008-01-31 21:35 <DIR> d-------- F:\WINDOWS\VistaMizer

2008-01-30 17:42 . 2006-04-29 14:25 40,960 --a------ F:\WINDOWS\system32\psfind.dll

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Aston

2008-01-29 12:55 . 2008-01-29 13:02 <DIR> dr------- F:\Arquivos de programas\Aston

2008-01-29 11:57 . 2008-01-29 12:14 <DIR> d-------- F:\Arquivos de programas\Karaoke Video

2008-01-28 20:03 . 2008-02-07 20:02 <DIR> d-------- F:\Arquivos de programas\Mediacenter

2008-01-28 10:03 . 2008-01-29 10:42 <DIR> d-------- F:\Arquivos de programas\phenomedia

2008-01-27 11:40 . 2008-01-29 20:29 <DIR> d-------- F:\Arquivos de programas\Cartoon Network All-Stars

2008-01-27 00:45 . 2008-01-28 15:52 22,328 --a------ F:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-27 00:45 . 2008-01-27 00:45 22,328 --a------ F:\Documents and Settings\Jean\Dados de aplicativos\PnkBstrK.sys

2008-01-27 00:44 . 2008-01-28 15:52 107,832 --a------ F:\WINDOWS\system32\PnkBstrB.exe

2008-01-27 00:44 . 2008-01-28 15:52 66,872 --a------ F:\WINDOWS\system32\PnkBstrA.exe

2008-01-27 00:10 . 2008-01-27 00:10 285 --a------ F:\WINDOWS\game.ini

2008-01-26 15:39 . 2008-01-26 15:39 <DIR> d-------- F:\Arquivos de programas\Crazy Machines - Neues aus dem Labor

2008-01-25 19:40 . 2008-01-31 12:53 <DIR> d-------- F:\Documents and Settings\Jean\Dados de aplicativos\Bioshock

2008-01-25 14:04 . 2007-10-03 10:42 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr------- F:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d-------- F:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> dr-h----- F:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-01-25 14:04 . 2008-02-10 15:47 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-01-25 14:04 . 2007-10-03 18:37 <DIR> d--h----- F:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-01-25 00:47 . 2008-01-25 00:47 <DIR> d-------- F:\Arquivos de programas\Konami

2008-01-24 22:02 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll

2008-01-24 22:02 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll

2008-01-24 22:02 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll

2008-01-24 22:02 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll

2008-01-24 22:02 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll

2008-01-24 22:02 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll

2008-01-24 22:00 . 2008-01-24 22:02 <DIR> d--h----- F:\WINDOWS\msdownld.tmp

2008-01-24 21:56 . 2008-01-24 21:56 <DIR> d-------- F:\Arquivos de programas\LevelUpGames

2008-01-24 15:10 . 2008-02-10 10:09 <DIR> d-------- F:\Arquivos de programas\LogMeIn

2008-01-24 15:10 . 2007-11-15 18:46 87,352 --a------ F:\WINDOWS\system32\LMIinit.dll

2008-01-24 15:10 . 2007-11-15 18:46 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll

2008-01-24 15:10 . 2007-08-03 15:09 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-01-24 15:10 . 2007-11-15 18:46 21,496 --a------ F:\WINDOWS\system32\LMIport.dll

2008-01-19 19:49 . 2008-01-19 19:49 <DIR> d-------- F:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP

2008-01-19 17:01 . 2008-01-19 17:01 774,144 --a------ F:\Arquivos de programas\RngInterstitial.dll

2008-01-16 22:16 . 2008-01-17 10:02 <DIR> d-------- F:\WINDOWS\NV52525556.TMP

2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- F:\Arquivos de programas\NVIDIA Corporation

2008-01-15 09:52 . 2008-01-15 09:52 <DIR> d-------- F:\naruto

2008-01-13 15:43 . 2008-01-13 15:43 <DIR> d-------- F:\TEXCACHE

2008-01-13 15:30 . 2008-01-13 22:41 <DIR> d-------- F:\Arquivos de programas\Cenega

2008-01-12 20:13 . 2008-01-12 20:13 <DIR> d-------- F:\Arquivos de programas\AquaMark3

2008-01-12 20:13 . 1999-10-21 11:12 20,400 --a------ F:\WINDOWS\system32\drivers\entech.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 15:47 --------- d-----w F:\Arquivos de programas\eMule

2008-02-10 14:27 --------- d-----w F:\Arquivos de programas\Google

2008-02-08 22:08 --------- d-----w F:\Arquivos de programas\Ubisoft

2008-02-08 01:51 --------- d--h--w F:\Arquivos de programas\InstallShield Installation Information

2008-02-07 22:02 --------- d-----w F:\Arquivos de programas\whInstall

2008-01-31 23:35 219,648 ----a-w F:\WINDOWS\system32\uxtheme.dll

2008-01-30 19:47 --------- d-----w F:\Arquivos de programas\GameVicio

2008-01-30 19:36 --------- d-----w F:\Arquivos de programas\THQ

2008-01-29 15:05 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Real

2008-01-27 14:00 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Skype

2008-01-25 16:00 --------- d-----w F:\Arquivos de programas\Alawar

2008-01-19 19:01 --------- d-----w F:\Arquivos de programas\Real

2008-01-13 17:24 --------- d-----w F:\Arquivos de programas\ClocX

2008-01-09 21:43 --------- d-----w F:\Arquivos de programas\Central de Jogos

2008-01-08 00:18 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\DataLayer

2008-01-05 09:47 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-04 11:31 83,168 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL

2008-01-04 11:31 104,144 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Symantec

2008-01-04 11:31 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-03 01:52 --------- d-----w F:\Arquivos de programas\Yahoo!

2008-01-03 01:36 --------- d-----w F:\Arquivos de programas\Gabest

2008-01-03 01:34 --------- d-----w F:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-03 00:41 --------- d-----w F:\Arquivos de programas\SopCast

2008-01-03 00:00 --------- d-----w F:\Arquivos de programas\Windows Media Connect 2

2008-01-02 19:24 --------- d-----w F:\Arquivos de programas\PluginLetras

2008-01-02 18:25 --------- d-----w F:\Arquivos de programas\Firebird

2008-01-02 18:17 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\HK-Software

2008-01-02 18:16 --------- d-----w F:\Arquivos de programas\HK-Software

2007-12-23 13:29 --------- d-----w F:\Arquivos de programas\Messenger Plus! Live

2007-12-20 15:31 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\PlayFirst

2007-12-20 02:02 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-12-20 01:21 --------- d-----w F:\Arquivos de programas\Activision Value

2007-12-19 20:07 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\Escape From Paradise

2007-12-19 17:33 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Home Sweet Home

2007-12-19 16:47 --------- d-----w F:\Arquivos de programas\Trymedia

2007-12-19 15:58 --------- d-----w F:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2007-12-19 15:42 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Gamelab

2007-12-19 15:23 --------- d-----w F:\Arquivos de programas\Green Land Studios

2007-12-19 13:53 --------- d-----w F:\Arquivos de programas\ReflexiveArcade

2007-12-15 16:39 --------- d-----w F:\Documents and Settings\Jean\Dados de aplicativos\Jane s Hotel

2007-12-14 14:45 360,448 ----a-w F:\WINDOWS\system32\NVUNINST.EXE

2007-12-12 22:01 425,984 ----a-w F:\WINDOWS\ntuneoem.dll

2007-12-12 22:01 29,696 ----a-w F:\WINDOWS\nvoclock.sys

2007-12-12 21:58 36,384 ----a-w F:\WINDOWS\nvflash.sys

2007-12-12 00:11 --------- d-----w F:\Arquivos de programas\K-Lite Codec Pack

2007-12-11 15:19 1,024 ----a-w F:\Documents and Settings\All Users\Dados de aplicativos\pdfdoc2.dll

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\psconvert

2007-12-11 15:18 --------- d-----w F:\Arquivos de programas\PDF-Convert

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w F:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w F:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 6,901,760 ----a-w F:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w F:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w F:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w F:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w F:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w F:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w F:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w F:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 356,352 ----a-w F:\WINDOWS\system32\nvudisp.exe

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w F:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 3,710,976 ----a-w F:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w F:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w F:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w F:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w F:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w F:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w F:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w F:\WINDOWS\system32\nvcolor.exe

2007-12-05 03:41 1,703,936 ----a-w F:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 03:41 1,626,112 ----a-w F:\WINDOWS\system32\nwiz.exe

2007-12-05 03:41 1,474,560 ----a-w F:\WINDOWS\system32\nview.dll

2007-12-05 03:41 1,339,392 ----a-w F:\WINDOWS\system32\nvdspsch.exe

2007-12-05 03:41 1,228,800 ----a-w F:\WINDOWS\system32\nvmobls.dll

2007-12-05 03:41 1,089,536 ----a-w F:\WINDOWS\system32\nvcuda.dll

2007-12-05 03:41 1,019,904 ----a-w F:\WINDOWS\system32\nvwimg.dll

2007-11-15 20:46 23,736 ----a-w F:\WINDOWS\system32\lmimirr.dll

2007-11-15 20:46 10,040 ----a-w F:\WINDOWS\system32\lmimirr2.dll

2007-11-09 10:49 1 ----a-w F:\Documents and Settings\Jean\SI.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40498DEF-8B13-44A6-A1A7-69DFE36E9210}]

2007-03-05 18:39 915160 --------- F:\Arquivos de programas\Congoo Netpass\congootb.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{40498DEF-8B13-44A6-A1A7-69DFE36E9210}

 

[HKEY_CLASSES_ROOT\clsid\{40498def-8b13-44a6-a1a7-69dfe36e9210}]

[HKEY_CLASSES_ROOT\congootb.Band.1]

[HKEY_CLASSES_ROOT\TypeLib\{7AB2CD40-C33A-4C5A-B701-A68541DFF7DF}]

[HKEY_CLASSES_ROOT\congootb.Band]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]

"LightDialer"="F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE" [2004-08-16 09:48 864256]

"NVIDIA nTune"="F:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 20:00 106496]

"MSMSGS"="F:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1825792]

"eMuleAutoStart"="F:\Arquivos de programas\eMule\emule.exe" [2007-05-13 12:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 F:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="F:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"WatchDog"="F:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 05:42 36864]

"C6501Sound"="c6501.cpl" []

"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"LogMeIn GUI"="F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

"AVG7_CC"="F:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 18:40 579072]

"amd_dc_opt"="F:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 25088]

"AVG7_Run"="F:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-07 18:40 219136]

 

F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Google Updater.lnk - F:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-02-10 12:27:19 125624]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-02-07 18:40 9216 F:\WINDOWS\system32\avgwlntf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 F:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2007-04-27 12:10 18744 F:\WINDOWS\system32\PCANotify.dll

 

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=F:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2007-10-08 06:54 6338872 F:\Arquivos de programas\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1825792 F:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 F:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-11 01:26 406016 F:\WINDOWS\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2006-06-05 12:06 188416 F:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ALG"=3 (0x3)

 

R0 Defrag32b;Defrag32Boot;F:\WINDOWS\system32\drivers\Defrag32b.sys [2005-11-22 12:33]

R2 Defrag32;Defrag32;F:\WINDOWS\system32\drivers\Defrag32.sys [2005-11-22 12:33]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-01-31 01:05]

R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 NVR0FLASHDev;NVR0FLASHDev;F:\WINDOWS\nvflash.sys [2007-12-12 19:58]

R2 PDSched;PDScheduler;"F:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe" [2005-11-29 12:16]

R2 UpdateCenterService;Update Center Service;F:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe [2007-12-12 19:59]

R3 cm102u32;C-Media CM6501 Like Sound Interface;F:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;F:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-01-31 01:05]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);F:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]

S3 PciCon;PciCon;E:\PciCon.sys []

S3 usb2vcom;Nokia CA-42 USB;F:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-04-03 05:41]

S3 XDva030;XDva030;F:\WINDOWS\system32\XDva030.sys []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-30 00:31:00 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- F:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 16:43:12

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-10 16:43:46

ComboFix-quarantined-files.txt 2008-02-10 18:43:26

ComboFix2.txt 2008-02-10 17:47:20

ComboFix3.txt 2008-02-10 12:19:17

ComboFix4.txt 2008-02-08 00:06:37

.

2008-01-13 14:26:00 --- E O F ---

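A small triage helper for the "Pontos de Carregamento do Registro" section of the ComboFix log above, added here as an example; it is not part of the thread and not ComboFix's own code. ComboFix prints each autostart value as `"Name"="command" [date time size]`, appends the resolved path when the command is a bare file name, and leaves the brackets empty when it could not find the file at all (the `C6501Sound` line above is one such case). The line format is inferred from the log as pasted, and the sample input is an excerpt of that log.

```python
"""Triage of the Run-key entries in ComboFix's 'Pontos de Carregamento do
Registro' section.  ComboFix prints each autostart value as
    "Name"="command" [date time size]
and, when the command is a bare file name, appends the path it resolved; the
brackets stay empty when it could not find the referenced file at all.

Added example, not part of the thread and not ComboFix's own code.  The line
format is inferred from the log pasted above; SAMPLE_LOG is an excerpt of it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$'
)


@dataclass
class RunEntry:
    key: str                      # registry key the value lives under
    name: str                     # value name, e.g. "CTFMON.EXE"
    command: str                  # value data as ComboFix printed it
    timestamp: Optional[str]      # file date/time ComboFix recorded, if any
    size: Optional[int]           # file size in bytes, if any
    resolved_path: Optional[str]  # path ComboFix could stat, None if not found

    @property
    def file_found(self) -> bool:
        return self.resolved_path is not None


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect values from every *\\Run key in the registry load-point section."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = _KEY.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        entry_match = _ENTRY.match(line)
        if not entry_match:
            continue
        name, command, meta = entry_match.group("name", "command", "meta")
        parts = meta.split(maxsplit=3)
        if len(parts) >= 3:
            timestamp = f"{parts[0]} {parts[1]}"
            size = int(parts[2])
            # A fourth field is the path ComboFix resolved for a bare file name;
            # otherwise the command itself is the file it found.
            resolved = parts[3] if len(parts) == 4 else command
        else:
            timestamp, size, resolved = None, None, None
        entries.append(RunEntry(current_key, name, command, timestamp, size, resolved))
    return entries


def unresolved_names(entries: List[RunEntry]) -> List[str]:
    """Names of autostart values whose file ComboFix could not locate; these
    are the entries to verify first (orphaned leftovers of an uninstall, or a
    file living somewhere the scanner did not look)."""
    return [e.name for e in entries if not e.file_found]


# Constructed sample: an excerpt of the Run keys from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 25088]

"LightDialer"="F:\Arquivos de programas\Turbo\Discador Turbo\DISCADOR.EXE" [2004-08-16 09:48 864256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 F:\WINDOWS\system32\nwiz.exe]

"C6501Sound"="c6501.cpl" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"
"""

if __name__ == "__main__":
    for e in parse_run_entries(SAMPLE_LOG):
        flag = "" if e.file_found else "   <-- file not found"
        print(f"{e.name:12} {e.command}{flag}")
```

Run against the full pasted log, the only Run value with empty brackets is the `C6501Sound` sound-card applet, which matches the `c6501.sys` driver listed further down and is therefore a leftover rather than a loader; the point of the check is to make such entries surface automatically instead of being read past in a long log.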

Hey jeanjcds,

Run Panda's ActiveScan, following these steps:

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan runs, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Fill in the details requested on the form;

4) Click the "Pesquise agora sem custos" (scan now at no cost) button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan ends, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Cheers.


Incidência Estado Localização

 

Adware:adware/webhancer Não desinfectado f:\arquivos de programas\whInstall

Ferramenta potencialmente indesejada:application/myglobalsearch Não desinfectado hkey_local_machine\software\MyGlobalSearch

Adware:adware/savenow Não desinfectado Registo do Windows

Adware:adware/whenusearch Não desinfectado Registo do Windows

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado F:\Arquivos de programas\Mozilla Firefox\plugins\NPMyGlSh.dll

Spyware:Cookie/Atlas DMT Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@atdmt[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[2].txt

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado F:\LinhaDefenciva\ComboFix.exe[327882R2FWJFW\nircmd.com]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado F:\LinhaDefenciva\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado F:\WINDOWS\Nircmd.exe

Virus:Generic Trojan Desinfectado G:\Gothic III\Gothic3.exe

 

 

 

There it is.

What do you think, can it be fixed?


Hey jeanjcds,

Let's go.

Step 1

Download AVG Anti-Spyware from:

AVG Anti-Spyware

1. Double-click the icon of the downloaded file;

2. Select Portuguese as the installation language;

3. In the AVG Anti-Spyware wizard's welcome window, click Next >;

4. In the License Agreement window, click I Agree;

5. Click Next > Install > wait for the installation to finish > click Finish;

6. When the AVG Anti-Spyware window opens, choose Update and wait for the process to finish, but do not run it yet.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will boot into Safe Mode and the internet connection will not be available.

Step 2

Reboot into Safe Mode.

1. Run AVG Anti-Spyware and click Status. Under Last scan choose Scan now > Complete system scan > wait for the scan to finish;

2. When the scan finishes, check the Threat column and, above all, the Action that will be taken. If you are not sure about deleting a file, or are sure that it is legitimate, just select it, right-click and choose Ignore once or Add to exceptions list;

3. Having done the above, click Apply all actions;

4. Click Save report. Copy the contents of the report and post them in your next reply.

Step 3

Restart the computer in Normal Mode.

Check whether Panda's ActiveScan still detects anything.

Cheers.


--------------------------------------------------------

AVG Anti-Spyware - Relatório de verificação

---------------------------------------------------------

 

+ Criação: 19:54:33 12/02/2008

 

+ Resultado da verificação:

 

 

 

F:\Arquivos de programas\whInstall -> Adware.Webhancer : Limpo.

F:\Documents and Settings\Jean\Cookies\jean@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Limpo.

F:\Documents and Settings\Jean\Cookies\jean@atdmt[2].txt -> TrackingCookie.Atdmt : Limpo.

F:\Documents and Settings\Jean\Cookies\jean@doubleclick[1].txt -> TrackingCookie.Doubleclick : Limpo.

 

 

::Fim do relatório

 

 

 

 

 

 

Incidência Estado Localização

 

Ferramenta potencialmente indesejada:application/myglobalsearch Não desinfectado hkey_local_machine\software\MyGlobalSearch

Adware:adware/savenow Não desinfectado Registo do Windows

Adware:adware/whenusearch Não desinfectado Registo do Windows

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado F:\Arquivos de programas\Mozilla Firefox\plugins\NPMyGlSh.dll

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[1].txt


Hey jeanjcds,

Let's go.

Step 1

Uninstall:

-> WhenU or WhenUSearch

Go to Add/Remove Programs.

Uninstall it and reboot once that is done.

Note: If you do not find the program mentioned above in the list, just move on to the next step.

Step 2

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

hkey_local_machine\software

Locate and delete the following folder:

MyGlobalSearch

Exit the Registry Editor.

Locate and delete the following file:

F:\Arquivos de programas\Mozilla Firefox\plugins\NPMyGlSh.dll

Run ActiveScan again and see whether it still detects anything.

Cheers.


I didn't find WhenU or WhenUSearch to uninstall, neither in Add/Remove Programs nor in CCleaner.

But I deleted it from the registry and removed that Firefox file.

Here is the ActiveScan log:

 

 

Incidência Estado Localização

 

Adware:adware/savenow Não desinfectado Registo do Windows

Adware:adware/whenusearch Não desinfectado Registo do Windows

Spyware:Cookie/PointRoll Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@atdmt[2].txt

Spyware:Cookie/Doubleclick Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@doubleclick[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[1].txt

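The ActiveScan tables posted in this thread all share one line format, and the question at each step is what a cleanup actually changed. The following parser and before/after comparison is an added example, not part of the thread and not Panda's own tooling; the `Category:Name Status Location` layout is inferred from the pasted reports, and the two embedded samples are excerpts of the report posted before the MyGlobalSearch key and NPMyGlSh.dll were removed and the one posted just above, after that removal.

```python
"""Parser for the Panda ActiveScan result tables pasted in this thread, plus a
before/after comparison so a cleanup step can be judged by what actually
disappeared rather than by eyeballing two lists.

Added example; not part of the thread and not Panda's own tooling.  The line
format is inferred from the pasted reports:
    Category:Name Status Location
where Status is 'Não desinfectado' or 'Desinfectado' and both Name and
Location may contain spaces.  The two samples are excerpts of the reports
posted before and after the MyGlobalSearch / NPMyGlSh.dll removal.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Status is matched case-sensitively, so 'Desinfectado' cannot match inside
# 'Não desinfectado'; Name is non-greedy so 'Cookie/Atlas DMT' keeps its space.
_LINE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Não desinfectado|Desinfectado)\s+"
    r"(?P<location>.+)$"
)


@dataclass(frozen=True)
class Finding:
    category: str
    name: str
    status: str
    location: str

    @property
    def key(self) -> Tuple[str, str, str]:
        # Identity across scans; status is left out so a detection that went
        # from untouched to disinfected still matches its earlier self.
        return (self.category, self.name.lower(), self.location.lower())


def parse_scan(text: str) -> List[Finding]:
    """Return one Finding per result line; the header and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def diff_scans(before: List[Finding], after: List[Finding]):
    """Split findings into (removed, persisting, new) relative to the earlier scan."""
    before_by_key = {f.key: f for f in before}
    after_by_key = {f.key: f for f in after}
    removed = [f for k, f in before_by_key.items() if k not in after_by_key]
    persisting = [f for k, f in after_by_key.items() if k in before_by_key]
    new = [f for k, f in after_by_key.items() if k not in before_by_key]
    return removed, persisting, new


def count_by_category(findings: List[Finding], status: str = "Não desinfectado") -> Dict[str, int]:
    """How many findings of each category still carry the given status."""
    return dict(Counter(f.category for f in findings if f.status == status))


# Constructed samples: excerpts of two ActiveScan reports from this thread.
SCAN_BEFORE = r"""
Incidência Estado Localização

Ferramenta potencialmente indesejada:application/myglobalsearch Não desinfectado hkey_local_machine\software\MyGlobalSearch
Adware:adware/savenow Não desinfectado Registo do Windows
Adware:adware/whenusearch Não desinfectado Registo do Windows
Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado F:\Arquivos de programas\Mozilla Firefox\plugins\NPMyGlSh.dll
Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@terra.com[1].txt
Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[1].txt
"""

SCAN_AFTER = r"""
Incidência Estado Localização

Adware:adware/savenow Não desinfectado Registo do Windows
Adware:adware/whenusearch Não desinfectado Registo do Windows
Spyware:Cookie/PointRoll Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@atdmt[2].txt
Spyware:Cookie/Doubleclick Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@doubleclick[1].txt
Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@terra.com[1].txt
Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[1].txt
"""

if __name__ == "__main__":
    removed, persisting, new = diff_scans(parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER))
    for label, group in (("removed", removed), ("persisting", persisting), ("new", new)):
        print(f"{label}:")
        for f in group:
            print(f"  {f.category}: {f.name} @ {f.location}")
    print("still not disinfected, by category:", count_by_category(parse_scan(SCAN_AFTER)))
```

The comparison shows what the manual step achieved and what it did not: the MyGlobalSearch key and the Firefox plugin are gone, the two WhenU registry detections persist (which is what the next post in the thread goes after), and the only additions are tracking cookies that are re-created by normal browsing, so they are not evidence of reinfection.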

Hey jeanjcds,

Let's go.

1. Reboot into Safe Mode.

2. Click Start > Run.

3. Type regedit.

4. Click OK.

5. Navigate to and delete the following subkeys, if present:

HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearchB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearchF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xtractor Plus_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{737830B7-F1F9-4bae-A8FC-1433C71BEDFF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\Explorer\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free Software

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{715839CD-ABEC-45D8-A83C-1275F2D837CD}

HKEY_CLASSES_ROOT\WUSN.1

HKEY_CLASSES_ROOT\WUSE.1

HKEY_CLASSES_ROOT\CLSID\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}

HKEY_CLASSES_ROOT\CLSID\{715839CD-ABEC-45D8-A83C-1275F2D837CD}

HKEY_CLASSES_ROOT\CLSID\{763BD795-24AE-44d7-82D8-F9A1EE799729}

HKEY_CLASSES_ROOT\CLSID\{45E5DADB-DFDF-4FC3-A46C-DD34B6CDDB38}

HKEY_CLASSES_ROOT\CLSID\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18}

6. Navigate to the following subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

7. In the right-hand pane, delete the following values, if present:

"WhenUSearch" = "%ProgramFiles%\WhenUSearch\Search.exe"

"WhenUSearchWHSE" = "%ProgramFiles%\WhenUSearch\WHSE.exe"

"VVSN" = "%ProgramFiles%\VVSN\VVSN.exe"

"SaveNow" = "%ProgramFiles%\SaveNow\SaveNow.exe"

"WhenUSave" = "%ProgramFiles%\Save\Save.exe"

8. Exit the Registry Editor.

9. Deleting the files used by the adware:

a. Open Windows Explorer (Programs > Accessories > Windows Explorer).

b. Navigate to the folder %ProgramFiles%\Save and delete it.

c. Navigate to the folder %ProgramFiles%\VVSN and delete it.

d. Navigate to the folder %ProgramFiles%\SaveNow and delete it.

e. Navigate to the folder %ProgramFiles%\Xtractor Plus and delete it.

f. Navigate to the folder %ProgramFiles%\WhenUSearch and delete it.

g. Navigate to the file %UserProfile%\Menu Iniciar\Programas\WhenU\Learn More About Save!.url and delete it.

h. Navigate to the file %UserProfile%\Menu Iniciar\Programas\WhenU\Learn More About SaveNow.url and delete it.

i. Navigate to the file %UserProfile%\Menu Iniciar\Programas\Startup\GStartup.lnk and delete it.

10. Exit Windows Explorer.

11. Run ActiveScan once more and see whether it still detects anything.

Cheers.

Note: You may not find all of the entries listed above.


It only found the cookie ones:

Incidência Estado Localização

 

Spyware:Cookie/PointRoll Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@ads.pointroll[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@atdmt[2].txt

Spyware:Cookie/Doubleclick Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@doubleclick[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado F:\Documents and Settings\Jean\Cookies\jean@uol.com[1].txt

 

 

Of the things you told me to delete there was only one, which was a subkey. Was that really all?

Waiting for the next step :)

Thank you very much for your attention!


Hey jeanjcds,

All good. The supposed infections are nothing more than cookies, which can easily be removed with CCleaner. Any other problem? Is the desktop still acting up?
