
Deeplink

[Solved] I can't get rid of this crud.


Well folks, when I open Task Manager that junk is there; I noticed something called wintems showed up too and I can't make it stop. By the way, I tried following some recommendations from forums and so on, but this damn virus won't let me run Hijack, CCleaner, Spybot, nothing I've read that might help fix it. I tried installing Trojan Remover and it won't install, it says the directory was removed manually; Avast won't start; it's complicated. Can anyone help me?

 

By the way, I tried starting the PC in Safe Mode and it won't go in either, it goes back to boot... :(


Good evening Deeplink!

 

>@< Follow these recommendations and see if it fixes it:

 

< Removing the Bagle version with Rootkit - Version 02 >

 

>@< If that succeeds, post the HijackThis log.

________________________

 

>@< Download: < HijackThis version 1.99.1 >

 

>@< Then go to: Start >> My Computer >> double-click C.

>@< Save it to Local Disk C!

>@< Extract it from the zip into its own folder! Like: C:/HijackThis

>@< Run HijackThis.exe from C.

>@< Close all programs! ( Leave only the desktop! )

>@< Click on: Do a system scan and save a logfile

>@< A Notepad window will open containing the report ( Log ), which you will paste into your reply.

 

Cheers!


Good afternoon Digram.

 

I followed the procedures described, but I think the problem has only been partly solved: CCleaner, which wasn't working, now works, but Hijack still doesn't work, it simply freezes and stops responding, and it still isn't possible to boot into Safe Mode either. When I choose that option the machine goes back to boot.

 

I noticed that, strangely, right after running the steps described in the link, all 3 stages, the machine restarted on its own after a few minutes on.

 

In Task Manager wintems is gone, but that "auto beleza cutcutado" keeps showing up.

 

I know you need the Hijack log to help, but I can't run it on the machine.

 

Thanks in advance for the prompt help and attention.


Good afternoon! Deeplink

 

>@< Download EliBagle.

>@< Save it to the Desktop!

>@< Now go to its icon and run the tool!

>@< When it finishes, restart the computer in Safe Mode. << Important!

>@< Run EliBagle again.

>@< Post the infoSAT.txt report, which is in the root of C:\ ( Local Disk C )

________________________

 

>@< Download BlackLight.

>@< Download it to Local Disk C!

>@< Set up a folder of its own for the program ( FSBlackLight ).

>@< When running it, close all windows and the browser!

>@< Run the program by clicking its executable, and accept the License agreement.

>@< In the Step1 window ( Scan for hidden items ) >> Click Scan.

>@< When the scan finishes, the Show all processes button will appear.

>@< The report ( Log ) will be in the same folder as the executable.

>@< Post the contents of this Log ( fsbl xxxxx.log ) in your reply. Where xxxxx are numbers!

 

Cheers!


Good evening,

 

Below is the EliBagle report.

 

---------------------------------------------------------------------------------------------------

Sat Mar 15 19:01:46 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Por favor, envienos una muestra del fichero

C:\Muestras\SROSA.SYS.Muestra EliBagle v11.15

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.15

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

 

Sat Mar 15 19:32:30 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 8426

Nº Total de Ficheros: 117991

Nº de Ficheros Analizados: 8989

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Sat Mar 15 19:35:12 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

 

Nº Total de Directorios: 130

Nº Total de Ficheros: 3578

Nº de Ficheros Analizados: 115

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 19:35:18 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad E:\

 

Nº Total de Directorios: 1841

Nº Total de Ficheros: 43906

Nº de Ficheros Analizados: 1061

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 19:35:41 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad F:\

 

Nº Total de Directorios: 689

Nº Total de Ficheros: 11701

Nº de Ficheros Analizados: 162

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Sat Mar 15 19:39:39 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Por favor, envienos una muestra del fichero

C:\Muestras\SROSA.SYS.Muestra EliBagle v11.15

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.15

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

 

Sat Mar 15 19:39:46 2008

EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle

C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\1654359.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\644375.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\654218.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\654531.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\656218.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\661968.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\673109.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\703625.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\805828.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\841187.EXE --> Eliminado Bagle

 

Nº Total de Directorios: 8547

Nº Total de Ficheros: 117508

Nº de Ficheros Analizados: 9025

Nº de Ficheros Infectados: 12

Nº de Ficheros Limpiados: 12

 

 

---------------------------------------------------------------------------------------------------

 

Below is the BlackLight log

 

03/15/08 19:52:29 [info]: BlackLight Engine 1.0.67 initialized

03/15/08 19:52:29 [info]: OS: 5.1 build 2600 (Service Pack 2)

03/15/08 19:52:29 [Note]: 7019 4

03/15/08 19:52:29 [Note]: 7005 0

03/15/08 19:52:38 [Note]: 7006 0

03/15/08 19:52:39 [Note]: 7011 1468

03/15/08 19:52:40 [Note]: 7026 0

03/15/08 19:52:40 [Note]: 7026 0

03/15/08 19:52:48 [Note]: FSRAW library version 1.7.1024

03/15/08 20:01:11 [Note]: 7007 0

 

---------------------------------------------------------------------------------------------

 

I hope this information helps clarify the case a bit more.
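An added example, not from the thread and not from Satinfo's tool: it reads the EliBagle log above the way a helper does, separating files that were only "Acceso Denegado" (still locked by the running rootkit) from those "Eliminado", telling whether a restart is still pending, and listing the SafeBoot keys the tool restored (which lines up with the Safe Mode boot failure reported earlier in the thread). It assumes the log format exactly as posted.

```python
"""Added example (not from the thread or from Satinfo's EliBagle): read the
EliBagle log above and tell the helper what is still locked by the rootkit."""
import re
from dataclasses import dataclass, field

# Excerpt of the log posted in the thread (Spanish tool output kept verbatim;
# repeated version banners and most of the 12 file lines of the last scan dropped).
LOG = r"""
Sat Mar 15 19:01:46 2008
EliBagle v11.15 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.15
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Sat Mar 15 19:32:30 2008
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Sat Mar 15 19:39:39 2008
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

Sat Mar 15 19:39:46 2008
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\!KillBox\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\1654359.EXE --> Eliminado Bagle
Nº de Ficheros Infectados: 12
Nº de Ficheros Limpiados: 12
"""

RUN_HEADER = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d \d{4}$")
MODE = re.compile(r"^Lista de Acciones \(por (?P<mode>.+?)\):$")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<status>.+)$")
TOTAL = re.compile(r"^Nº (?:Total )?de (?P<what>[A-Za-z ]+?): (?P<n>\d+)$")
RESTORED = re.compile(r'^Restaurada Clave: "(?P<key>.+)"$')
DENIED, ELIMINATED, OTHER = "denied", "eliminated", "other"

@dataclass
class Run:
    timestamp: str
    mode: str = ""
    actions: list = field(default_factory=list)   # (path, DENIED/ELIMINATED/OTHER)
    totals: dict = field(default_factory=dict)    # "Ficheros Infectados" -> 1, ...
    restored_keys: list = field(default_factory=list)
    reboot_required: bool = False                 # the tool asked for a restart

def classify(status):
    s = status.lower()
    return DENIED if "acceso denegado" in s else ELIMINATED if "eliminado" in s else OTHER

def parse_elibagle(text):
    """Split the log into timestamped runs and collect per-file results."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            runs.append(Run(timestamp=line))
        elif not runs or not line:
            continue
        elif m := MODE.match(line):
            runs[-1].mode = m.group("mode")
        elif m := ACTION.match(line):
            runs[-1].actions.append((m.group("path"), classify(m.group("status"))))
        elif m := TOTAL.match(line):
            runs[-1].totals[m.group("what")] = int(m.group("n"))
        elif m := RESTORED.match(line):
            runs[-1].restored_keys.append(m.group("key"))
        if runs and "reinici" in line.lower():   # "Reinicie ..." / "(Reiniciar ...)"
            runs[-1].reboot_required = True
    return runs

def pending_files(runs):
    """Upper-cased paths whose most recent result is still 'Acceso Denegado'."""
    latest = {}
    for run in runs:
        for path, status in run.actions:
            latest[path.upper()] = status
    return {p for p, s in latest.items() if s == DENIED}

def needs_reboot(runs):
    """True while the tool asked for a restart or any file is still locked."""
    return bool(runs) and (runs[-1].reboot_required or bool(pending_files(runs)))
```

Feeding only the first two runs reproduces the state before the Safe Mode restart (four files locked, restart pending); the full log shows everything eliminated afterwards.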


Good evening! Deeplink

 

>@< Download ComboFix.

>@< Download it to the Desktop!

>@< Disable the Firewall and protection programs!

>@< Close all windows and run the tool!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_________________________

 

>@< Post the report: C:\ComboFix.txt, in your reply.

 

Cheers!


Hi DigRam, below is the report as requested.

 

ComboFix 08-03-14.4 - Mateus e Maria 2008-03-15 21:48:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.599 [GMT -3:00]

Executando de: C:\Documents and Settings\Mateus e Maria\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - system32: deleted 235549 bytes in 1 streams.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.

ADS - explorer.exe: deleted 36 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\monitorado.dll

C:\WINDOWS\system32\atualmenteo.dll

C:\WINDOWS\system32\drivers\down


C:\WINDOWS\system32\gbiehcef.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\nm

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))

.

 

2008-03-15 21:52 . 2008-03-15 21:52 <DIR> d-------- C:\WINDOWS\system32\drivers\down

2008-03-15 21:51 . 2008-03-15 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-15 21:51 . 2008-03-15 21:51 7,818 --a------ C:\WINDOWS\system32\Cef.gpc

2008-03-15 21:43 . 2008-03-15 21:43 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-03-15 19:52 . 2008-03-15 19:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-15 19:51 . 2008-03-15 19:52 <DIR> d-------- C:\FSBlackLight

2008-03-15 19:37 . 2007-04-29 12:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-15 19:37 . 2008-03-15 19:37 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-15 19:01 . 2008-03-15 19:01 <DIR> d-------- C:\Muestras

2008-03-15 14:24 . 2008-03-15 14:24 29,134 --a------ C:\Profile.jpg

2008-03-15 12:35 . 2008-03-15 12:36 <DIR> d-------- C:\Teste

2008-03-14 23:08 . 2008-03-14 23:09 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2008-03-14 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-14 23:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll

2008-03-14 23:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-14 23:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-03-14 23:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-03-14 22:05 . 2008-03-14 22:05 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\MakeUpPilot

2008-03-14 22:03 . 2008-03-14 22:03 <DIR> d-------- C:\Arquivos de programas\MakeUp Pilot

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\OLD8C.tmp

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys

2008-03-14 21:11 . 2008-03-14 21:14 <DIR> d-------- C:\fixwareout

2008-03-14 21:06 . 2008-03-14 21:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-14 21:05 . 2008-03-14 21:05 <DIR> d-------- C:\LinhaDefensiva

2008-03-14 10:35 . 2008-03-14 10:35 <DIR> d-------- C:\WINDOWS\system32\Downloads

2008-03-13 23:48 . 2008-03-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-13 22:55 . 2008-03-13 22:55 281,600 ---hs---- C:\WINDOWS\system32\nortons.exe

2008-03-13 22:54 . 2008-03-13 22:55 745,984 --a------ C:\WINDOWS\system32\IEXPLORES.EXE

2008-03-13 22:34 . 2008-03-15 15:02 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Arquivos de programas\Image Doctor

2008-03-13 12:12 . 2008-03-13 12:12 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak

2008-03-13 11:54 . 2008-03-13 11:54 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-13 11:51 . 2008-03-13 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-03-12 15:31 . 2008-03-12 15:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-03-09 20:59 . 2008-03-09 20:59 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Talkback

2008-03-09 20:49 . 2008-03-09 20:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\videooutput

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\Arquivos de programas\Smallvideosoft

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-04 12:17 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-02 12:10 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-02 12:10 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-02 12:10 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-02 12:10 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-02 12:10 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-02 12:10 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-02 12:09 . 2008-03-02 12:09 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-02 12:09 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-02 12:09 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-02 12:09 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-02 00:04 . 2008-03-02 00:04 7,680 --a------ C:\WINDOWS\system32\drivers\ntfs64.sys

2008-03-01 14:08 . 2008-03-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-03-01 14:04 . 2008-03-01 14:04 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-02-28 19:28 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe

2008-02-22 10:49 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\gslist

2008-02-19 14:35 . 2008-02-19 14:37 <DIR> d-------- C:\Arquivos de programas\Anti-Blaxx 1.18

2008-02-19 14:35 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-02-19 14:22 . 2008-02-26 23:16 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-19 14:22 . 2008-02-20 19:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-19 14:22 . 2008-02-26 23:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-19 14:09 . 2008-02-20 19:37 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-19 14:08 . 2008-02-26 23:16 22,328 --a------ C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\PnkBstrK.sys

2008-02-19 13:56 . 2008-03-09 20:17 <DIR> dr------- C:\Inicializar

2008-02-18 16:21 . 2008-02-18 16:21 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 16:21 . 2008-02-18 16:21 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 16:04 . 2008-02-18 16:04 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-15 23:12 --------- d-----w C:\Arquivos de programas\eMule

2008-03-15 15:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-15 00:43 --------- d-----w C:\Arquivos de programas\Game Accelerator

2008-03-14 15:06 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-13 17:44 --------- d-----w C:\Arquivos de programas\Imperia Online

2008-03-12 17:23 --------- d-----w C:\Arquivos de programas\MansionPoker

2008-03-09 23:48 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-03-09 22:37 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Hamachi

2008-03-04 14:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\OAA2

2008-02-19 23:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-16 22:18 --------- d-----w C:\Arquivos de programas\Gold Miner

2008-02-15 17:45 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-15 17:44 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-14 19:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 15:50 --------- d-----w C:\Arquivos de programas\BfSV

2008-02-12 12:30 --------- d-----w C:\Arquivos de programas\PartyGaming

2008-02-10 21:32 --------- d-----w C:\Arquivos de programas\WorldTradePoker

2008-02-09 20:03 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\teamspeak2

2008-02-09 20:03 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-02-01 03:25 --------- d-----w C:\Arquivos de programas\Data Realms

2008-01-31 08:58 --------- d-----w C:\Arquivos de programas\PokerLoco

2008-01-29 17:27 --------- d-----w C:\Arquivos de programas\PokerStrategy

2008-01-23 18:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-01-23 02:33 --------- d-----w C:\Arquivos de programas\Gold Miner Special Edition

2008-01-22 04:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-01-21 18:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-18 19:15 497,728 ----a-w C:\MoonShell_EZSD_EZ Flash 4 (SD Card).nds.bin

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-05-05 19:17 17,144 ----a-w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\VIPv3\backup\ntoskrnl.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-08-15 10:56 5674352]

"Steam"="e:\arquivos de programas\valve\steam\steam.exe" [2007-12-19 18:55 1266936]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"Microsoft Internet Explorer"="C:\windows\system32\IEXPLORES.EXE" [2008-03-13 22:55 745984]

"Firewal"="C:\WINDOWS\system32\nortons.exe" [2008-03-13 22:55 281600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="e:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-09-14 17:09 157592]

"PC Booster"="C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe" [2005-09-07 03:06 647168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"GameXL"="C:\Arquivos de programas\Game Accelerator\gamexl.exe" [2008-01-24 02:20 155648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-15 18:55 79224]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Antigo Drive D\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\deeplink\\counter-strike source\\hl2.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"E:\\Arquivos de programas\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\GunSoft\\Last War\\LW.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26609:TCP"= 26609:TCP:BitComet 26609 TCP

"26609:UDP"= 26609:UDP:BitComet 26609 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"27900:UDP"= 27900:UDP:UDP 27900

"29900:TCP"= 29900:TCP:UDP/TCP 29900

"29900:UDP"= 29900:UDP:29900

"80:TCP"= 80:TCP:TCP 80

"4711:TCP"= 4711:TCP:TCP 4711

"29901:TCP"= 29901:TCP:TCP 29901

"1500:UDP"= 1500:UDP:UDP 1500-4999

"4999:UDP"= 4999:UDP:UDP 4999

"1024:UDP"= 1024:UDP:UDP

"1024:TCP"= 1024:TCP:TCP 1024

"1124:TCP"= 1124:TCP:UDP 1124

"1124:UDP"= 1124:UDP:TCP 1124

"28910:UDP"= 28910:UDP:UDP 28910

"16567:UDP"= 16567:UDP:UDP 16567

"55123:UDP"= 55123:UDP:UDP 55123

"55125:UDP"= 55125:UDP:UDP

 

R0 ntfs64;ntfs64;C:\WINDOWS\system32\drivers\ntfs64.sys [2008-03-02 00:04]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-09 09:47]

S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2006-01-12 15:00]

S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8c2fb2-56e8-11dc-b04f-00eeb1019c24}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97317135-AC06-E7DA-E5BC-088DD99ED025}]

C:\WINDOWS\system32:msnsrve.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-15 21:52:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-03-15 21:58:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-16 00:58:35

.

2008-03-15 22:52:17 --- E O F ---


Good evening, Deeplink!

 

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix.

>@< If possible, disable the resident AntiVirus and AntiSpyware protections.

>@< Double-click Bankerfix.exe, then press Enter.

>@< Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

_________________________

 

>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

 

Regards!


Good morning, DigRam

 

I got this report with BankerFix:

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 16/3/2008 - 10:28

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\IEXPLORES.EXE

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\nortons.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Good morning, Deeplink!

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\system32\drivers\ntfs64.sys

C:\WINDOWS\system32:msnsrve.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8c2fb2-56e8-11dc-b04f-00eeb1019c24}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97317135-AC06-E7DA-E5BC-088DD99ED025}]

Folder::

C:\WINDOWS\system32\drivers\down

C:\LinhaDefensiva

C:\Muestras

Driver::

"ntfs64"

>@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

>@< See the demonstration!

 

[image: cpiadecfscriptxt7.gif]

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt

 

Regards!
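The CFScript above targets four things the helper picked out of the ComboFix log: a driver (ntfs64.sys), a file hidden in an NTFS alternate data stream (system32:msnsrve.exe), an AutoRun command under a MountPoints2 key, and an Active Setup component that loads that stream at logon. The script below is an added example written for this thread, not a Linha Defensiva or ComboFix tool, showing how a responder can pull those same indicator classes out of a ComboFix-style log automatically. The sample lines are copied from the log posted above and embedded so it runs offline; the finding names, the list of "host" executables, and the port list are the author's own assumptions, and every hit is a "review this" flag, not a verdict.

```python
"""Triage a ComboFix-style log for the indicator classes discussed in this thread."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in the thread,
# so the triage runs offline. A real run would read C:\ComboFix.txt instead.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26609:TCP"= 26609:TCP:BitComet 26609 TCP

R0 ntfs64;ntfs64;C:\WINDOWS\system32\drivers\ntfs64.sys [2008-03-02 00:04]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-09 09:47]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8c2fb2-56e8-11dc-b04f-00eeb1019c24}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97317135-AC06-E7DA-E5BC-088DD99ED025}]
C:\WINDOWS\system32:msnsrve.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class (assumed names, see below)
    detail: str  # the log line, or a condensed form of it, that triggered the flag


# A second colon after the drive letter means an NTFS alternate data stream
# (e.g. C:\WINDOWS\system32:msnsrve.exe). Legitimate startup items never live there.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:\s]+:[^\s\\]+$")
# Service/driver line: "<start> <name>;<display name>;<path.sys> [<date>]"
DRIVER_RE = re.compile(r"^(R[0-3]|S[0-4])\s+([^;]+);([^;]*);(.+?\.sys)\s+\[([^\]]+)\]$", re.IGNORECASE)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
AUTH_APP_RE = re.compile(r'^"([^"]+)"=$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Assumed list: a firewall exception for a generic host lets whatever it loads talk out.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
# Assumed list: services a home workstation should not expose to every network.
REMOTE_ACCESS_PORTS = {(3389, "TCP"): "Remote Desktop"}
# Kernel drivers that start before any user logs on deserve a manual look.
EARLY_START = {"R0": "boot", "R1": "system"}


def triage(log_text):
    """Walk the log once, tracking the current [section], and collect findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()       # registry key headers scope the lines below them
            continue
        if ADS_RE.match(line):
            findings.append(Finding("ads", line))
        if "active setup\\installed components" in section:
            guid = GUID_RE.search(section)
            findings.append(Finding("active_setup", f"{line} via {guid.group(0) if guid else section}"))
        if "mountpoints2" in section and "\\autorun\\command" in line.lower():
            findings.append(Finding("autorun", line))
        m = DRIVER_RE.match(line)
        if m and m.group(1).upper() in EARLY_START:
            findings.append(Finding("early_driver", f"{m.group(1).upper()} {m.group(4)} [{m.group(5)}]"))
        if "authorizedapplications" in section:
            m = AUTH_APP_RE.match(line)
            if m:
                exe = re.split(r"\\+", m.group(1))[-1].lower()   # path uses doubled backslashes
                if exe in HOST_PROCESSES:
                    findings.append(Finding("firewall_host_process", exe))
        if "globallyopenports" in section:
            m = PORT_RE.match(line)
            if m:
                key = (int(m.group(1)), m.group(2).upper())
                if key in REMOTE_ACCESS_PORTS:
                    findings.append(Finding("open_port", f"{key[0]}/{key[1]} ({REMOTE_ACCESS_PORTS[key]})"))
    return findings


def by_kind(findings):
    """Group findings into {kind: [detail, ...]} for reporting or assertions."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.kind, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for kind, details in by_kind(triage(SAMPLE_LOG)).items():
        print(f"[{kind}]")
        for d in details:
            print("   ", d)
```

Run against the sample it reports the ADS file, the Active Setup component that loads it, the MountPoints2 AutoRun command, the firewall exception for rundll32.exe, the globally open 3389/TCP, and both early-start drivers. Note that oreans32.sys is flagged only because it is R1; the helper left it alone and the cleaned log still lists it, which is exactly why the early_driver class is a review queue rather than a delete list.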


Good evening, DigRam

 

It looks like the problem is solved; at least the computer shuts down normally again, and those things no longer show up in the task manager. Below is the requested content:

 

ComboFix 08-03-14.4 - Mateus e Maria 2008-03-16 22:43:48.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.544 [GMT -3:00]

Executando de: C:\Documents and Settings\Mateus e Maria\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mateus e Maria\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32:msnsrve.exe

C:\WINDOWS\system32\drivers\ntfs64.sys

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\LinhaDefensiva

C:\LinhaDefensiva\backup.reg

C:\LinhaDefensiva\banker.bat

C:\LinhaDefensiva\bankerfix.vbs

C:\LinhaDefensiva\download.exe

C:\LinhaDefensiva\fx.reg

C:\LinhaDefensiva\Iniciar-BankerFix.vbs

C:\LinhaDefensiva\md5.exe

C:\LinhaDefensiva\pv.exe

C:\LinhaDefensiva\QUA\1\system32\IEXPLORES.EXE

C:\LinhaDefensiva\QUA\1\system32\nortons.exe

C:\LinhaDefensiva\ref-allu

C:\LinhaDefensiva\ref-commonfiles

C:\LinhaDefensiva\ref-hosts

C:\LinhaDefensiva\ref-md5

C:\LinhaDefensiva\ref-mydoc

C:\LinhaDefensiva\ref-profile

C:\LinhaDefensiva\ref-programfiles

C:\LinhaDefensiva\ref-reg

C:\LinhaDefensiva\ref-start

C:\LinhaDefensiva\ref-startup

C:\LinhaDefensiva\ref-sysdrive

C:\LinhaDefensiva\ref-system

C:\LinhaDefensiva\ref-system32

C:\LinhaDefensiva\ref-tasks

C:\LinhaDefensiva\ref-temp

C:\LinhaDefensiva\ref-wincommon

C:\LinhaDefensiva\ref-windows

C:\LinhaDefensiva\reft-startup

C:\LinhaDefensiva\RegKeys.txt

C:\LinhaDefensiva\regremove

C:\LinhaDefensiva\relatorio.txt

C:\LinhaDefensiva\removidos

C:\LinhaDefensiva\unzip.exe

C:\LinhaDefensiva\VERSION

C:\LinhaDefensiva\webversion.info

C:\Muestras

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.15

C:\Muestras\SROSA.SYS.Muestra EliBagle v11.15

C:\WINDOWS\system32\atualmenteo.dll

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\system32\drivers\ntfs64.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\LEGACY_NTFS64

-------\ntfs64

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))

.

 

2008-03-16 10:33 . 2008-03-16 10:33 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-03-15 21:58 . 2008-03-15 21:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-15 21:58 . 2008-03-15 21:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-15 21:58 . 2008-03-15 21:58 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Configurações locais

2008-03-15 21:58 . 2008-03-15 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-15 21:58 . 2008-03-15 21:58 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 21:51 . 2008-03-15 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-15 21:51 . 2008-03-15 21:51 7,818 --a------ C:\WINDOWS\system32\Cef.gpc

2008-03-15 19:52 . 2008-03-15 19:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-15 19:51 . 2008-03-15 19:52 <DIR> d-------- C:\FSBlackLight

2008-03-15 19:37 . 2007-04-29 12:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-15 19:37 . 2008-03-15 19:37 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-15 14:24 . 2008-03-15 14:24 29,134 --a------ C:\Profile.jpg

2008-03-15 12:35 . 2008-03-15 22:25 <DIR> d-------- C:\Teste

2008-03-14 23:08 . 2008-03-14 23:09 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2008-03-14 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-14 23:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll

2008-03-14 23:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-14 23:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-03-14 23:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-03-14 22:05 . 2008-03-14 22:05 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\MakeUpPilot

2008-03-14 22:03 . 2008-03-14 22:03 <DIR> d-------- C:\Arquivos de programas\MakeUp Pilot

2008-03-14 21:16 . 2002-08-29 02:32 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 142,976 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\OLD8C.tmp

2008-03-14 21:11 . 2008-03-14 21:14 <DIR> d-------- C:\fixwareout

2008-03-14 21:06 . 2008-03-14 21:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-14 10:35 . 2008-03-14 10:35 <DIR> d-------- C:\WINDOWS\system32\Downloads

2008-03-13 23:48 . 2008-03-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-13 22:34 . 2008-03-15 15:02 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Arquivos de programas\Image Doctor

2008-03-13 12:12 . 2008-03-13 12:12 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak

2008-03-13 11:54 . 2008-03-13 11:54 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-13 11:51 . 2008-03-13 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-03-12 15:31 . 2008-03-12 15:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-03-09 20:59 . 2008-03-09 20:59 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Talkback

2008-03-09 20:49 . 2008-03-09 20:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\videooutput

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\Arquivos de programas\Smallvideosoft

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-04 12:17 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-02 12:10 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-02 12:10 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-02 12:10 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-02 12:10 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-02 12:10 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-02 12:10 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-02 12:09 . 2008-03-02 12:09 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-02 12:09 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-02 12:09 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-02 12:09 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-01 14:08 . 2008-03-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-03-01 14:04 . 2008-03-01 14:04 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-02-28 19:28 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe

2008-02-22 10:49 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\gslist

2008-02-19 14:35 . 2008-02-19 14:37 <DIR> d-------- C:\Arquivos de programas\Anti-Blaxx 1.18

2008-02-19 14:35 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-02-19 14:22 . 2008-02-26 23:16 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-19 14:22 . 2008-02-20 19:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-19 14:22 . 2008-02-26 23:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-19 14:09 . 2008-02-20 19:37 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-19 14:08 . 2008-02-26 23:16 22,328 --a------ C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\PnkBstrK.sys

2008-02-19 13:56 . 2008-03-09 20:17 <DIR> dr------- C:\Inicializar

2008-02-18 16:21 . 2008-02-18 16:21 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 16:21 . 2008-02-18 16:21 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 16:04 . 2008-02-18 16:04 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-16 23:27 --------- d-----w C:\Arquivos de programas\eMule

2008-03-15 15:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-15 00:43 --------- d-----w C:\Arquivos de programas\Game Accelerator

2008-03-14 15:06 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-13 17:44 --------- d-----w C:\Arquivos de programas\Imperia Online

2008-03-12 17:23 --------- d-----w C:\Arquivos de programas\MansionPoker

2008-03-09 23:48 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-03-09 22:37 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Hamachi

2008-03-04 14:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\OAA2

2008-02-19 23:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-16 22:18 --------- d-----w C:\Arquivos de programas\Gold Miner

2008-02-15 17:45 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-15 17:44 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-14 19:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 15:50 --------- d-----w C:\Arquivos de programas\BfSV

2008-02-12 12:30 --------- d-----w C:\Arquivos de programas\PartyGaming

2008-02-10 21:32 --------- d-----w C:\Arquivos de programas\WorldTradePoker

2008-02-09 20:03 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\teamspeak2

2008-02-09 20:03 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-02-01 03:25 --------- d-----w C:\Arquivos de programas\Data Realms

2008-01-31 08:58 --------- d-----w C:\Arquivos de programas\PokerLoco

2008-01-29 17:27 --------- d-----w C:\Arquivos de programas\PokerStrategy

2008-01-23 18:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-01-23 02:33 --------- d-----w C:\Arquivos de programas\Gold Miner Special Edition

2008-01-22 04:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-01-21 18:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-18 19:15 497,728 ----a-w C:\MoonShell_EZSD_EZ Flash 4 (SD Card).nds.bin

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-05-05 19:17 17,144 ----a-w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\VIPv3\backup\ntoskrnl.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-08-15 10:56 5674352]

"Steam"="e:\arquivos de programas\valve\steam\steam.exe" [2007-12-19 18:55 1266936]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="e:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-09-14 17:09 157592]

"PC Booster"="C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe" [2005-09-07 03:06 647168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"GameXL"="C:\Arquivos de programas\Game Accelerator\gamexl.exe" [2008-01-24 02:20 155648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-15 18:55 79224]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Antigo Drive D\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\deeplink\\counter-strike source\\hl2.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"E:\\Arquivos de programas\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\GunSoft\\Last War\\LW.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26609:TCP"= 26609:TCP:BitComet 26609 TCP

"26609:UDP"= 26609:UDP:BitComet 26609 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"27900:UDP"= 27900:UDP:UDP 27900

"29900:TCP"= 29900:TCP:UDP/TCP 29900

"29900:UDP"= 29900:UDP:29900

"80:TCP"= 80:TCP:TCP 80

"4711:TCP"= 4711:TCP:TCP 4711

"29901:TCP"= 29901:TCP:TCP 29901

"1500:UDP"= 1500:UDP:UDP 1500-4999

"4999:UDP"= 4999:UDP:UDP 4999

"1024:UDP"= 1024:UDP:UDP

"1024:TCP"= 1024:TCP:TCP 1024

"1124:TCP"= 1124:TCP:UDP 1124

"1124:UDP"= 1124:UDP:TCP 1124

"28910:UDP"= 28910:UDP:UDP 28910

"16567:UDP"= 16567:UDP:UDP 16567

"55123:UDP"= 55123:UDP:UDP 55123

"55125:UDP"= 55125:UDP:UDP

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-09 09:47]

S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2006-01-12 15:00]

S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-16 22:48:12

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Arquivos de programas\WinRAR\rarext.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-03-16 22:54:07 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-17 01:54:05

ComboFix2.txt 2008-03-16 00:58:38

.

2008-03-15 22:52:17 --- E O F ---


Good morning, Deeplink!

 

>@< Download UnHook.

>@< Save it to the Desktop!

>@< Now run the Symantec tool (UnHookExec.inf).

>@< Right-click it >> Click Install.

>@< Restart the computer!

_______________________

 

DOWNLOAD: < HijackThis 2.0.2 >

_______________________

 

>@< Save it to Local Disk C and unpack it right there into its own folder.

>@< Check whether you can now install and run HijackThis.

>@< Click on: Do a system scan and save a logfile

>@< Then post this report (Log) in your reply.

 

Regards!


Hi DigRam

 

Here is the HijackThis report...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:00, on 17/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Game Accelerator\gamexl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\defrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

E:\arquivos de programas\valve\steam\steam.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\dxdiag.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [PC Booster] C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "e:\arquivos de programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Convert to PDF - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Convert to PDF using HTML2PDF Pilot... - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9814 bytes


Hi DigRam, I think this may help too: I noticed tonight that I can no longer log in to Orkut because it says I have a virus, and I couldn't send e-mail either because Hotmail said my 24-hour e-mail quota was already used up.

 

A bunch of little error windows from something called DXDIAG keep opening. There's an "invalid file format" message that keeps appearing on the desktop...


Good evening, Deeplink!

 

>@< Oops! My friend, there are new infections... shall we remove them?

__________________________

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________________

 

>@< Select and copy all of the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\dxdiag.exe

C:\WINDOWS\svcpool.dll

C:\WINDOWS\gbiehbsb.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

>@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

 


 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do so manually!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

 

Cheers!


Hi buddy, here we go, I'm giving you a lot of work, right...

 

ComboFix 08-03-14.4 - Mateus e Maria 2008-03-18 0:11:46.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.591 [GMT -3:00]

Running from: C:\Documents and Settings\Mateus e Maria\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mateus e Maria\Desktop\CFScript.txt

* A new restore point was created

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\dxdiag.exe

C:\WINDOWS\gbiehbsb.dll

C:\WINDOWS\svcpool.dll

.

The following files were disabled during the run:

C:\WINDOWS\svcpool.dll

 

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\gbiehbsb.dll

C:\WINDOWS\svcpool.dll

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\winhlp.dll

 

.

((((((((((((((((((((((( Files created from 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))

.

 

2008-03-18 00:07 . 2008-03-18 00:07 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-03-18 00:04 . 2008-03-18 00:11 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-03-17 23:04 . 2008-03-17 23:51 1,305,600 --a------ C:\eticaprofissional1.ppt

2008-03-17 18:51 . 2008-03-17 18:51 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-03-17 18:51 . 2008-03-18 00:03 0 --a------ C:\WINDOWS\svchost_

2008-03-17 09:02 . 2008-03-17 17:49 18,064 --a------ C:\WINDOWS\mssnmsgr.dll

2008-03-17 08:42 . 2008-03-17 08:42 <DIR> d-------- C:\WINDOWS\_tmp

2008-03-17 08:35 . 2008-03-17 18:46 0 --a------ C:\WINDOWS\svchost

2008-03-15 21:58 . 2008-03-16 22:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-03-15 21:58 . 2008-03-16 22:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-03-15 21:58 . 2008-03-16 22:54 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Configurações locais

2008-03-15 21:58 . 2008-03-16 22:54 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-03-15 21:58 . 2008-03-16 22:54 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 21:51 . 2008-03-15 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-15 21:51 . 2008-03-15 21:51 7,818 --a------ C:\WINDOWS\system32\Cef.gpc

2008-03-15 19:52 . 2008-03-15 19:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-15 19:51 . 2008-03-15 19:52 <DIR> d-------- C:\FSBlackLight

2008-03-15 19:37 . 2007-04-29 12:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-15 19:37 . 2008-03-18 00:14 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-15 14:24 . 2008-03-15 14:24 29,134 --a------ C:\Profile.jpg

2008-03-15 12:35 . 2008-03-17 18:51 <DIR> d-------- C:\Teste

2008-03-14 23:08 . 2008-03-14 23:09 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2008-03-14 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-14 23:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll

2008-03-14 23:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-14 23:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-03-14 23:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-03-14 22:05 . 2008-03-14 22:05 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\MakeUpPilot

2008-03-14 22:03 . 2008-03-14 22:03 <DIR> d-------- C:\Arquivos de programas\MakeUp Pilot

2008-03-14 21:16 . 2002-08-29 02:32 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 142,976 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\OLD8C.tmp

2008-03-14 21:11 . 2008-03-14 21:14 <DIR> d-------- C:\fixwareout

2008-03-14 21:06 . 2008-03-14 21:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-14 10:35 . 2008-03-14 10:35 <DIR> d-------- C:\WINDOWS\system32\Downloads

2008-03-13 23:48 . 2008-03-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-13 22:34 . 2008-03-17 22:49 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Arquivos de programas\Image Doctor

2008-03-13 12:12 . 2008-03-13 12:12 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak

2008-03-13 11:54 . 2008-03-13 11:54 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-13 11:51 . 2008-03-13 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-03-12 15:31 . 2008-03-12 15:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-03-09 20:59 . 2008-03-09 20:59 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Talkback

2008-03-09 20:49 . 2008-03-09 20:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\videooutput

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\Arquivos de programas\Smallvideosoft

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-04 12:17 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-02 12:09 . 2008-03-02 12:09 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-02 12:09 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-01 14:08 . 2008-03-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-03-01 14:04 . 2008-03-01 14:04 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-02-28 19:28 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe

2008-02-22 10:49 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\gslist

2008-02-19 14:35 . 2008-02-19 14:37 <DIR> d-------- C:\Arquivos de programas\Anti-Blaxx 1.18

2008-02-19 14:35 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-02-19 14:22 . 2008-02-26 23:16 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-19 14:22 . 2008-02-20 19:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-19 14:22 . 2008-02-26 23:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-19 14:09 . 2008-02-20 19:37 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-19 14:08 . 2008-02-26 23:16 22,328 --a------ C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\PnkBstrK.sys

2008-02-19 13:56 . 2008-03-09 20:17 <DIR> dr------- C:\Inicializar

2008-02-18 16:21 . 2008-02-18 16:21 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 16:21 . 2008-02-18 16:21 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 16:04 . 2008-02-18 16:04 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 23:44 --------- d-----w C:\Arquivos de programas\eMule

2008-03-17 23:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-17 23:19 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-15 00:43 --------- d-----w C:\Arquivos de programas\Game Accelerator

2008-03-14 15:06 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-13 17:44 --------- d-----w C:\Arquivos de programas\Imperia Online

2008-03-12 17:23 --------- d-----w C:\Arquivos de programas\MansionPoker

2008-03-09 23:48 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-03-09 22:37 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Hamachi

2008-03-04 14:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\OAA2

2008-02-19 23:29 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-16 22:18 --------- d-----w C:\Arquivos de programas\Gold Miner

2008-02-15 17:45 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-15 17:44 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-14 19:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 15:50 --------- d-----w C:\Arquivos de programas\BfSV

2008-02-12 12:30 --------- d-----w C:\Arquivos de programas\PartyGaming

2008-02-10 21:32 --------- d-----w C:\Arquivos de programas\WorldTradePoker

2008-02-09 20:03 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\teamspeak2

2008-02-09 20:03 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-02-01 03:25 --------- d-----w C:\Arquivos de programas\Data Realms

2008-01-31 08:58 --------- d-----w C:\Arquivos de programas\PokerLoco

2008-01-29 17:27 --------- d-----w C:\Arquivos de programas\PokerStrategy

2008-01-23 18:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-01-23 02:33 --------- d-----w C:\Arquivos de programas\Gold Miner Special Edition

2008-01-22 04:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-01-21 18:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-18 19:15 497,728 ----a-w C:\MoonShell_EZSD_EZ Flash 4 (SD Card).nds.bin

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-05-05 19:17 17,144 ----a-w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\VIPv3\backup\ntoskrnl.exe

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-08-15 10:56 5674352]

"Steam"="e:\arquivos de programas\valve\steam\steam.exe" [2007-12-19 18:55 1266936]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="e:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-09-14 17:09 157592]

"PC Booster"="C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe" [2005-09-07 03:06 647168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"GameXL"="C:\Arquivos de programas\Game Accelerator\gamexl.exe" [2008-01-24 02:20 155648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Antigo Drive D\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\deeplink\\counter-strike source\\hl2.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"E:\\Arquivos de programas\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\GunSoft\\Last War\\LW.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26609:TCP"= 26609:TCP:BitComet 26609 TCP

"26609:UDP"= 26609:UDP:BitComet 26609 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"27900:UDP"= 27900:UDP:UDP 27900

"29900:TCP"= 29900:TCP:UDP/TCP 29900

"29900:UDP"= 29900:UDP:29900

"80:TCP"= 80:TCP:TCP 80

"4711:TCP"= 4711:TCP:TCP 4711

"29901:TCP"= 29901:TCP:TCP 29901

"1500:UDP"= 1500:UDP:UDP 1500-4999

"4999:UDP"= 4999:UDP:UDP 4999

"1024:UDP"= 1024:UDP:UDP

"1024:TCP"= 1024:TCP:TCP 1024

"1124:TCP"= 1124:TCP:UDP 1124

"1124:UDP"= 1124:UDP:TCP 1124

"28910:UDP"= 28910:UDP:UDP 28910

"16567:UDP"= 16567:UDP:UDP 16567

"55123:UDP"= 55123:UDP:UDP 55123

"55125:UDP"= 55125:UDP:UDP

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-09 09:47]

S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2006-01-12 15:00]

S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 00:15:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2008-03-18 0:20:51 - machine was rebooted [Mateus e Maria]

ComboFix-quarantined-files.txt 2008-03-18 03:20:48

.

2008-03-15 22:52:17 --- E O F ---

 

 

----------------------------------------------------------------------------------------------------------

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:23:37, on 18/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Game Accelerator\gamexl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

E:\arquivos de programas\valve\steam\steam.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [PC Booster] C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "e:\arquivos de programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Convert to PDF - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Convert to PDF using HTML2PDF Pilot... - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9333 bytes


Good morning, Deeplink!

 

Hi, my friend, here we go, I'm giving you a lot of work, aren't I...

>@< Probably because the machine did not have the protection of a good antivirus in time.

_________________________

 

>@< Do you recognize this file? >> C:\eticaprofissional1.ppt

_________________________

 

Delete:

 

C:\Qoobox << Important: remove it!

C:\ComboFix.txt << Previous ComboFix log.

_________________________

 

>@< Select and copy all of the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\svchost_

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

Folder::

C:\WINDOWS\_tmp

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

 

[image: cpiadecfscriptxt7.gif]

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!


Good evening, friend!

 

>@< Do you recognize this file? >> C:\eticaprofissional1.ppt

 

Yes, I do; it is a lesson I was preparing for today! Unfortunately I have no way to avoid using the computer these days.

 

Below is the ComboFix log:

 

 

ComboFix 08-03-14.4 - Mateus e Maria 2008-03-18 12:31:37.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.587 [GMT -3:00]

Executando de: C:\Documents and Settings\Mateus e Maria\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mateus e Maria\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

C:\WINDOWS\svchost_

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\_tmp

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

C:\WINDOWS\svchost_

C:\WINDOWS\system32\drivers\down

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))

.

 

2008-03-18 12:16 . 2008-03-18 12:16 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-18 12:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\OLD8D.tmp

2008-03-18 00:47 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-18 00:47 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-18 00:47 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-18 00:47 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-18 00:47 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-18 00:47 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-18 00:47 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-18 00:47 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-18 00:40 . 2008-03-18 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Broderbund LLC

2008-03-18 00:40 . 2008-03-18 00:40 <DIR> d-------- C:\Arquivos de programas\Cosmopolitan

2008-03-17 23:04 . 2008-03-17 23:51 1,305,600 --a------ C:\eticaprofissional1.ppt

2008-03-17 18:51 . 2008-03-17 18:51 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-03-15 21:58 . 2008-03-18 00:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-03-15 21:58 . 2008-03-18 00:20 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-03-15 21:58 . 2008-03-18 00:20 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Configuraþ§es locais

2008-03-15 21:58 . 2008-03-18 00:20 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-03-15 21:58 . 2008-03-18 00:20 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2008-03-15 21:51 . 2008-03-15 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-15 21:51 . 2008-03-15 21:51 7,818 --a------ C:\WINDOWS\system32\Cef.gpc

2008-03-15 19:52 . 2008-03-15 19:52 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-03-15 19:51 . 2008-03-15 19:52 <DIR> d-------- C:\FSBlackLight

2008-03-15 19:37 . 2007-04-29 12:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-15 19:37 . 2008-03-18 00:14 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-03-15 19:37 . 2007-04-29 09:50 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-03-15 14:24 . 2008-03-15 14:24 29,134 --a------ C:\Profile.jpg

2008-03-15 12:35 . 2008-03-17 18:51 <DIR> d-------- C:\Teste

2008-03-14 23:08 . 2008-03-14 23:09 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2008-03-14 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-03-14 23:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-14 23:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll

2008-03-14 23:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-14 23:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-03-14 23:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-03-14 22:05 . 2008-03-14 22:05 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\MakeUpPilot

2008-03-14 22:03 . 2008-03-14 22:03 <DIR> d-------- C:\Arquivos de programas\MakeUp Pilot

2008-03-14 21:16 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys

2008-03-14 21:16 . 2004-08-03 23:08 142,976 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys

2008-03-14 21:16 . 2002-08-29 02:32 135,552 --a------ C:\WINDOWS\system32\drivers\OLD8C.tmp

2008-03-14 21:11 . 2008-03-14 21:14 <DIR> d-------- C:\fixwareout

2008-03-14 21:06 . 2008-03-14 21:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-14 10:35 . 2008-03-14 10:35 <DIR> d-------- C:\WINDOWS\system32\Downloads

2008-03-13 23:48 . 2008-03-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-03-13 22:34 . 2008-03-17 22:49 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Arquivos de programas\Image Doctor

2008-03-13 12:12 . 2008-03-13 12:12 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak

2008-03-13 11:54 . 2008-03-13 11:54 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-03-13 11:51 . 2008-03-13 11:51 <DIR> d-------- C:\Arquivos de programas\Nero

2008-03-13 11:51 . 2008-03-13 11:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-03-12 15:31 . 2008-03-12 15:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-03-09 20:59 . 2008-03-09 20:59 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Talkback

2008-03-09 20:49 . 2008-03-09 20:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\videooutput

2008-03-04 12:17 . 2008-03-04 12:17 <DIR> d-------- C:\Arquivos de programas\Smallvideosoft

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-04 12:17 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-04 12:17 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-02 12:09 . 2008-03-02 12:09 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-02 12:09 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-01 14:08 . 2008-03-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-03-01 14:04 . 2008-03-01 14:04 <DIR> d-------- C:\Arquivos de programas\FLV Player

2008-02-28 19:28 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-02-28 17:38 . 2008-02-28 17:38 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 16:14 . 2008-02-26 16:14 972,072 --a------ C:\WINDOWS\UNRecode.exe

2008-02-22 10:49 . 2008-02-22 10:49 <DIR> d-------- C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\gslist

2008-02-19 14:35 . 2008-02-19 14:37 <DIR> d-------- C:\Arquivos de programas\Anti-Blaxx 1.18

2008-02-19 14:35 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-02-19 14:22 . 2008-02-26 23:16 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-19 14:22 . 2008-02-20 19:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-19 14:22 . 2008-02-26 23:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-19 14:09 . 2008-02-20 19:37 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-19 14:08 . 2008-02-26 23:16 22,328 --a------ C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\PnkBstrK.sys

2008-02-19 13:56 . 2008-03-09 20:17 <DIR> dr------- C:\Inicializar

2008-02-18 16:21 . 2008-02-18 16:21 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 16:21 . 2008-02-18 16:21 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 16:04 . 2008-02-18 16:04 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 03:40 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-18 03:36 --------- d-----w C:\Arquivos de programas\eMule

2008-03-17 23:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-17 23:19 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-15 00:43 --------- d-----w C:\Arquivos de programas\Game Accelerator

2008-03-14 15:06 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-13 17:44 --------- d-----w C:\Arquivos de programas\Imperia Online

2008-03-12 17:23 --------- d-----w C:\Arquivos de programas\MansionPoker

2008-03-09 23:48 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-03-09 22:37 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\Hamachi

2008-03-04 14:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\OAA2

2008-02-16 22:18 --------- d-----w C:\Arquivos de programas\Gold Miner

2008-02-15 17:45 --------- d-----w C:\Arquivos de programas\Hamachi

2008-02-15 17:44 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-14 19:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-14 15:50 --------- d-----w C:\Arquivos de programas\BfSV

2008-02-12 12:30 --------- d-----w C:\Arquivos de programas\PartyGaming

2008-02-10 21:32 --------- d-----w C:\Arquivos de programas\WorldTradePoker

2008-02-09 20:03 --------- d-----w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\teamspeak2

2008-02-09 20:03 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2

2008-02-01 03:25 --------- d-----w C:\Arquivos de programas\Data Realms

2008-01-31 08:58 --------- d-----w C:\Arquivos de programas\PokerLoco

2008-01-29 17:27 --------- d-----w C:\Arquivos de programas\PokerStrategy

2008-01-23 18:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-01-23 18:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-01-23 02:33 --------- d-----w C:\Arquivos de programas\Gold Miner Special Edition

2008-01-22 04:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-01-21 18:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-18 19:15 497,728 ----a-w C:\MoonShell_EZSD_EZ Flash 4 (SD Card).nds.bin

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-05-05 19:17 17,144 ----a-w C:\Documents and Settings\Mateus e Maria\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2339584 298518b729020450823aaf9375df7b84 C:\WINDOWS\VIPv3\backup\ntoskrnl.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-08-15 10:56 5674352]

"Steam"="e:\arquivos de programas\valve\steam\steam.exe" [2007-12-19 18:55 1266936]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="e:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-09-14 17:09 157592]

"PC Booster"="C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe" [2005-09-07 03:06 647168]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"GameXL"="C:\Arquivos de programas\Game Accelerator\gamexl.exe" [2008-01-24 02:20 155648]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoStrCmpLogical"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Antigo Drive D\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\deeplink\\counter-strike source\\hl2.exe"=

"E:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"E:\\Arquivos de programas\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\pb\\PnkBstrB.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\GunSoft\\Last War\\LW.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26609:TCP"= 26609:TCP:BitComet 26609 TCP

"26609:UDP"= 26609:UDP:BitComet 26609 UDP

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"27900:UDP"= 27900:UDP:UDP 27900

"29900:TCP"= 29900:TCP:UDP/TCP 29900

"29900:UDP"= 29900:UDP:29900

"80:TCP"= 80:TCP:TCP 80

"4711:TCP"= 4711:TCP:TCP 4711

"29901:TCP"= 29901:TCP:TCP 29901

"1500:UDP"= 1500:UDP:UDP 1500-4999

"4999:UDP"= 4999:UDP:UDP 4999

"1024:UDP"= 1024:UDP:UDP

"1024:TCP"= 1024:TCP:TCP 1024

"1124:TCP"= 1124:TCP:UDP 1124

"1124:UDP"= 1124:UDP:TCP 1124

"28910:UDP"= 28910:UDP:UDP 28910

"16567:UDP"= 16567:UDP:UDP 16567

"55123:UDP"= 55123:UDP:UDP 55123

"55125:UDP"= 55125:UDP:UDP

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-09 09:47]

S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys [2006-01-12 15:00]

S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys [2005-10-18 17:00]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 12:33:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-18 12:34:51

ComboFix-quarantined-files.txt 2008-03-18 15:34:37

.

2008-03-15 22:52:17 --- E O F ---

 

 

__________________________________________________

 

Hijack

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:23:23, on 18/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Game Accelerator\gamexl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [DAEMON Tools] "e:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [PC Booster] C:\Arquivos de programas\inKline Global\PC Booster\pcbooster.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GameXL] "C:\Arquivos de programas\Game Accelerator\gamexl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "e:\arquivos de programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Antigo Drive D\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Convert to PDF - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Convert to PDF using HTML2PDF Pilot... - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 10120 bytes

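The two HijackThis logs in this thread are reviewed by eye, entry type by entry type. The following is an added example, not code from the thread or from HijackThis, that shows how a responder can pull the first-look items out of an HJT log automatically: O4 autoruns whose command is a bare file name (resolved through the search path at logon, so the binary that actually runs must be confirmed), O9 buttons pointing at "(no file)", O17 DNS servers to verify against the ISP, and O23 services whose owner HijackThis could not identify. The sample log is constructed from the line formats seen above and the function names are my own.

```python
"""Triage a HijackThis (HJT) v2 log: collect the entry types a responder
checks first and flag the ones that need a manual look.
Added example; the sample below is constructed, not the thread's full log.
"""
import re

# Constructed sample in HijackThis v2 line format (a subset of entry types).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [steam] "e:\arquivos de programas\valve\steam\steam.exe" -silent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0972B8D1-780B-48B4-B271-D2A952F38475}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^(HK.*?)\\\.\.\\Run: \[(.*?)\] (.*)$")  # hive, name, command
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")  # name, owner, path
NAMESERVER_RE = re.compile(r"NameServer = (.*)$")


def parse_entries(text):
    """Return [(kind, body)] for every 'Rn - ...' / 'On - ...' line."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def executable_of(command):
    """Best-effort executable from a Run command: quoted path or first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]


def run_entries(entries):
    """(hive, value name, executable) for each O4 autorun line."""
    result = []
    for kind, body in entries:
        if kind == "O4":
            m = RUN_RE.match(body)
            if m:
                result.append((m.group(1), m.group(2), executable_of(m.group(3))))
    return result


def name_servers(entries):
    """DNS server addresses from O17 entries, deduplicated, in log order."""
    seen = []
    for kind, body in entries:
        if kind == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                for ip in m.group(1).split():
                    if ip not in seen:
                        seen.append(ip)
    return seen


def services(entries):
    """(display name, owner, path) for each O23 service line."""
    return [SERVICE_RE.match(body).groups()
            for kind, body in entries
            if kind == "O23" and SERVICE_RE.match(body)]


def triage(text):
    """Collect the findings that get a manual look before anything is removed."""
    entries = parse_entries(text)
    findings = {"unresolved_autoruns": [], "orphan_buttons": [],
                "unknown_owner_services": [], "name_servers": name_servers(entries)}
    for hive, name, exe in run_entries(entries):
        # A bare file name is located through the search path at logon,
        # so the binary that really runs has to be confirmed by hand.
        if "\\" not in exe:
            findings["unresolved_autoruns"].append((hive, name, exe))
    for kind, body in entries:
        if kind == "O9" and body.endswith("(no file)"):
            findings["orphan_buttons"].append(body)   # dead entry, safe to clean
    for display, owner, path in services(entries):
        if owner == "Unknown owner":
            findings["unknown_owner_services"].append((display, path))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it against a saved HJT log by reading the file into `triage()`; the O17 addresses are compared with the servers the ISP actually hands out, and an "Unknown owner" service is resolved by checking the file's publisher and signature before deciding anything.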

Good evening, Deeplink!

 

>@< This is the last disinfection step, since everything is OK in the HijackThis log.

___________________________

 

>@< Run a disinfection scan at < BitDefender > and post the report.

>@< Click on: < onlinescanner.gif >

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so that the scan can run.

___________________________

 

>@< Then post the BitDefender report.

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt

 

Regards!


Good evening, friend. Well, I'll run that scan as soon as I find some time; I'm working nonstop and teaching at night. Tomorrow I have no evening class, so I'll run the scan then and send it to you. In any case, I'm using the computer very carefully so as not to get infected again. I'll send you the log soon.
