nowfeer, posted April 23, 2008

I found a blog on the net explaining how to remove kavo.exe and its entries manually. After I removed it, the PC went back to 90% perfect, but I still think there is more.

Logfile of HijackThis v1.99.1
Scan saved at 12:30:18, on 23/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
C:\Arquivos de programas\Clip2Net\clip2net.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t
O4 - HKCU\..\Run: [Clip2Net] C:\Arquivos de programas\Clip2Net\clip2net.exe
O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig
O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

DigRam, posted April 23, 2008

Good afternoon, nowfeer!

>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the resident protection of your antivirus, antispyware and firewall.
>@< Close all windows and run the tool!

If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application), delete the tool and download it again. Save it to the Desktop, renamed as: Kombo.exe
PS: Name it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
---------------------------------
>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!

nowfeer, posted April 23, 2008

Wow, you guys answer fast. I noticed that after I ran combo.exe, the hidden Windows folder that was not showing started showing again. Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 19:42:02, on 23/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Download Manager\IDMan.exe
C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig
O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

_________________________________________________

ComboFix 08-04-22.5 - Wesley 2008-04-23 19:33:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.79 [GMT -3:00]
Executando de: C:\Documents and Settings\Wesley\Desktop\Combo.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))
.
2008-04-23 17:47 . 2008-04-23 17:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-04-23 16:55 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-23 16:55 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-23 16:55 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-23 16:55 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-23 16:54 . 2008-04-23 16:54 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\PC Tools
2008-04-23 16:54 . 2008-04-23 18:47 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator
2008-04-23 15:39 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-23 15:38 . 2008-04-23 15:39 <DIR> d-------- C:\Arquivos de programas\3D Flash Animator 4.9.8.4
2008-04-23 13:47 . 2008-04-23 15:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 13:39 . 2008-04-23 13:39 <DIR> d-------- C:\Arquivos de programas\VirusTotalUploader
2008-04-23 12:33 . 2008-04-23 15:46 <DIR> d-------- C:\Arquivos de programas\SpywareGuard
2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-04-23 11:51 . 2008-04-23 11:51 <DIR> d--h----- C:\teste
2008-04-23 11:31 . 2008-04-23 18:53 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-04-23 11:31 . 2008-04-23 11:36 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster
2008-04-23 11:31 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-23 11:08 . 2008-04-23 15:38 <DIR> d-------- C:\!KillBox
2008-04-22 23:50 . 2008-04-23 19:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 23:50 . 2008-04-22 23:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 17:59 . 2008-04-22 18:10 <DIR> d-------- C:\Arquivos de programas\HGI
2008-04-22 14:26 . 2008-04-22 14:26 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\AntsSoft
2008-04-22 14:24 . 2008-04-22 14:24 <DIR> d-------- C:\Arquivos de programas\SWFText
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Arquivos de programas\VIA
2008-04-21 23:38 . 2004-07-06 11:45 60,672 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-04-21 23:37 . 2008-04-21 23:37 <DIR> d-------- C:\Arquivos de programas\On-line Help Console
2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys
2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a------ C:\WINDOWS\system32\drivers\sparrow.sys
2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-04-20 18:07 . 2008-04-20 18:07 <DIR> d---s---- C:\Documents and Settings\Wesley\UserData
2008-04-18 18:23 . 2008-04-18 18:23 <DIR> d-------- C:\Arquivos de programas\EA GAMES
2008-04-18 18:23 . 2004-08-18 00:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-18 16:03 . 2008-04-18 16:03 0 --------- C:\WINDOWS\WB.ini
2008-04-18 15:56 . 2008-04-18 15:56 <DIR> d-------- C:\Arquivos de programas\Stardock
2008-04-18 15:56 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-04-18 13:25 . 2008-04-18 13:28 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Ahead
2008-04-18 10:42 . 2008-04-18 10:42 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-18 10:40 . 2008-04-18 10:53 <DIR> d--h----- C:\icones
2008-04-18 03:43 . 2008-04-18 03:43 <DIR> d-------- C:\Arquivos de programas\Anders Kjersem
2008-04-18 01:57 . 2008-04-18 01:56 304,640 --ah----- C:\PhotoResize600H.exe
2008-04-18 01:18 . 2008-04-18 01:18 <DIR> d-------- C:\Arquivos de programas\Clip2Net
2008-04-17 23:55 . 2004-08-07 09:36 218,624 --a------ C:\WINDOWS\system32\uxtheme.ubk
2008-04-17 23:55 . 2006-08-09 20:58 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2008-04-17 22:08 . 2008-04-18 00:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-17 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-17 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-17 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-17 21:03 . 2008-04-20 15:19 <DIR> d-------- C:\Documents and Settings\Wesley\Contacts
2008-04-17 20:56 . 2008-04-17 20:56 268 --ah----- C:\sqmdata01.sqm
2008-04-17 20:56 . 2008-04-17 20:56 244 --ah----- C:\sqmnoopt01.sqm
2008-04-17 20:53 . 2008-04-17 20:53 268 --ah----- C:\sqmdata00.sqm
2008-04-17 20:53 . 2008-04-17 20:53 244 --ah----- C:\sqmnoopt00.sqm
2008-04-17 20:38 . 2008-04-17 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-17 20:01 . 2008-04-17 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-17 20:01 . 2008-04-17 20:49 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-17 20:01 . 2008-04-17 20:21 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-04-17 19:59 . 2008-04-23 16:08 <DIR> d-------- C:\QUARANTINE
2008-04-17 19:20 . 2008-04-17 19:20 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Media Player Classic
2008-04-17 19:20 . 2008-04-23 10:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee
2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems
2008-04-17 19:12 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-04-17 19:12 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-17 19:12 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-17 19:12 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-04-17 19:12 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-04-17 19:12 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-17 19:12 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\McAfee
2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee
2008-04-17 18:36 . 2008-04-23 18:32 <DIR> d-------- C:\LinhaDefensiva
2008-04-17 18:14 . 2008-04-17 18:14 <DIR> d--h----- C:\Controle
2008-04-17 17:59 . 2008-04-17 17:59 <DIR> d-------- C:\Arquivos de programas\USB Vibration Joystick
2008-04-17 17:58 . 2008-04-17 17:58 <DIR> d-------- C:\Arquivos de programas\Twin USB Vibration Gamepad
2008-04-17 17:54 . 2008-04-17 17:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-17 17:44 . 2008-04-17 18:13 <DIR> d--h----- C:\winning eleven
2008-04-17 17:31 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-17 16:56 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Bonjour
2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2008-04-17 16:40 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-17 16:35 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-04-17 16:28 . 2008-04-21 12:58 <DIR> d-------- C:\Arquivos de programas\Valve
2008-04-17 16:26 . 2008-04-23 16:53 <DIR> d-------- C:\Download
2008-04-17 16:22 . 2008-04-18 14:17 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\IDM
2008-04-17 16:22 . 2008-04-23 19:30 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\DMCache
2008-04-17 16:22 . 2008-04-17 16:24 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager
2008-04-17 16:18 . 2008-04-23 09:00 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\LimeWire
2008-04-17 16:18 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-17 16:15 . 2008-04-17 17:57 <DIR> d-------- C:\Arquivos de programas\Java
2008-04-17 16:10 . 2006-09-23 18:40 145,400 --ah----- C:\accessibilitycpl.dll_I0141_0409.ico
2008-04-17 16:09 . 2008-04-17 16:09 1,192 --a------ C:\WINDOWS\mozver.dat
2008-04-17 16:02 . 2008-04-17 16:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-04-17 16:01 . 2008-04-17 16:18 <DIR> d-------- C:\Arquivos de programas\LimeWire
2008-04-17 16:00 . 2008-04-17 16:00 <DIR> d-------- C:\Arquivos de programas\Google
2008-04-17 15:59 . 2008-04-17 15:59 <DIR> d-------- C:\Arquivos de programas\EPSON
2008-04-17 15:59 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-04-17 15:59 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-04-17 15:59 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-04-17 15:58 . 2008-04-17 15:58 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-04-17 15:56 . 2008-04-17 15:57 <DIR> d-------- C:\Arquivos de programas\Coolcolor Text Generator
2008-04-17 15:52 . 2008-04-22 11:27 <DIR> d-------- C:\Arquivos de programas\AIMP2
2008-04-17 15:39 . 2008-04-17 15:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-17 15:37 . 2004-03-22 12:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-17 15:37 . 2008-04-17 15:37 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-17 15:36 . 2008-04-17 15:36 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-04-17 15:35 . 2008-04-17 15:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-17 15:34 . 2008-04-17 15:34 <DIR> d-------- C:\Arquivos de programas\Foxit Software
2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0
2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2
2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-17 15:21 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-17 15:20 . 2008-04-17 15:20 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero
2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Arquivos de programas\Nero
2008-04-17 15:14 . 2008-04-17 15:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 02:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-04-17 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-04-17 17:58 --------- d-----w C:\Arquivos de programas\Realtek AC97
2008-04-17 17:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-04-17 17:29 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-04-17 17:27 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-04-17 17:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anders Kjersem: TransBar"="C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe" [2003-06-09 17:19 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^Reboot.exe]
path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^SpywareGuard.lnk]
path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-11 21:10 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
--a------ 2008-02-14 10:33 1479168 C:\Arquivos de programas\Clip2Net\clip2net.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDKS Agent]
C:\WINDOWS\system32\Sys\HDKS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Arquivos de programas\VIA\RAID\raid_t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Valve\\hl.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15447c7d-0fbb-11dd-b737-00142a1ed8ed}]
\Shell\AutoRun\command - F:\w0owgn.bat
\Shell\explore\Command - F:\w0owgn.bat
\Shell\open\Command - F:\w0owgn.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a96ba72-108a-11dd-b73c-00142a1ed8ed}]
\Shell\AutoRun\command - F:\i.bat
\Shell\explore\Command - F:\i.bat
\Shell\open\Command - F:\i.bat

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 19:35:37
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Anders Kjersem: TransBar = C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig?d}?w????????????????????@??????????? ???????????????@???D???<??w??????????????????S????????w??S????wd??w???w???wF???????????????????????????(??????wF??????????????w?$@?F???????????????h??

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-04-23 19:40:11
ComboFix-quarantined-files.txt 2008-04-23 22:39:59

Pre-Run: 14,045,089,792 bytes disponíveis
Post-Run: 14,897,520,640 bytes disponíveis

222 --- E O F --- 2008-04-18 01:08:41

One question... are kavo.exe and tavo.exe really passed from pen drive to pen drive??

DigRam, posted April 24, 2008

Good morning, nowfeer!

"One question... are kavo.exe and tavo.exe really passed from pen drive to pen drive??"

>@< If the PC is infected, it passes the infection to the pen drive, and vice versa.
---------------------------
Before running this procedure, plug your removable drive(s) into the USB port.

<!> Delete:
C:\QooBox
C:\ComboFix.txt << Previous ComboFix log.
---------------------------
>@< Select and copy all the content in the CODE area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
F:\w0owgn.bat
F:\i.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15447c7d-0fbb-11dd-b737-00142a1ed8ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a96ba72-108a-11dd-b73c-00142a1ed8ed}]

Folder::
C:\!KillBox
C:\QUARANTINE
C:\LinhaDefensiva

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< See the demonstration!
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< If it does not restart, do it manually!
>@< During the run, do not use the keyboard or mouse!
>@< When it finishes, post the report C:\ComboFix.txt plus an updated HJT log.

Regards!

nowfeer 0 Posted April 24, 2008

ComboFix 08-04-22.5 - Wesley 2008-04-24 2:06:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.48 [GMT -3:00]
Executando de: C:\Documents and Settings\Wesley\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Wesley\Desktop\CFScript.txt
* Criado um novo ponto de restauro
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\i.bat
F:\w0owgn.bat
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\!KillBox
C:\!KillBox\Logs\kb.log
C:\LinhaDefensiva
C:\LinhaDefensiva\backup.reg
C:\LinhaDefensiva\banker.bat
C:\LinhaDefensiva\bankerfix.vbs
C:\LinhaDefensiva\download.exe
C:\LinhaDefensiva\fx.reg
C:\LinhaDefensiva\Iniciar-BankerFix.vbs
C:\LinhaDefensiva\md5.exe
C:\LinhaDefensiva\QUA\2\system32\Sys\akv.cfg
C:\LinhaDefensiva\QUA\2\system32\Sys\HDKS.001
C:\LinhaDefensiva\QUA\2\system32\Sys\HDKS.002
C:\LinhaDefensiva\ref-allu
C:\LinhaDefensiva\ref-commonfiles
C:\LinhaDefensiva\ref-hosts
C:\LinhaDefensiva\ref-md5
C:\LinhaDefensiva\ref-mydoc
C:\LinhaDefensiva\ref-profile
C:\LinhaDefensiva\ref-programfiles
C:\LinhaDefensiva\ref-reg
C:\LinhaDefensiva\ref-start
C:\LinhaDefensiva\ref-startup
C:\LinhaDefensiva\ref-sysdrive
C:\LinhaDefensiva\ref-system
C:\LinhaDefensiva\ref-system32
C:\LinhaDefensiva\ref-tasks
C:\LinhaDefensiva\ref-temp
C:\LinhaDefensiva\ref-wincommon
C:\LinhaDefensiva\ref-windows
C:\LinhaDefensiva\reft-startup
C:\LinhaDefensiva\RegKeys.txt
C:\LinhaDefensiva\regremove
C:\LinhaDefensiva\relatorio.txt
C:\LinhaDefensiva\unzip.exe
C:\LinhaDefensiva\VERSION
C:\LinhaDefensiva\webversion.info
C:\QUARANTINE
.
((((((((((((((((((((((( Ficheiros criados de 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))
.
2008-04-24 01:16 . 2008-04-24 01:16 <DIR> d-------- C:\Arquivos de programas\7-Zip
2008-04-23 20:49 . 2008-04-24 01:15 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\SiteAdvisor
2008-04-23 20:49 . 2008-04-23 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor
2008-04-23 19:47 . 2008-04-23 19:47 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\3DFA
2008-04-23 17:47 . 2008-04-23 17:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-04-23 16:55 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-23 16:55 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-23 16:55 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-23 16:55 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-23 16:54 . 2008-04-23 16:54 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\PC Tools
2008-04-23 16:54 . 2008-04-23 18:47 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor
2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator
2008-04-23 15:39 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-23 15:38 . 2008-04-24 00:48 <DIR> d-------- C:\Arquivos de programas\3D Flash Animator 4.9.8.4
2008-04-23 13:47 . 2008-04-23 15:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 13:39 . 2008-04-23 13:39 <DIR> d-------- C:\Arquivos de programas\VirusTotalUploader
2008-04-23 12:33 . 2008-04-23 15:46 <DIR> d-------- C:\Arquivos de programas\SpywareGuard
2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-04-23 11:51 . 2008-04-23 11:51 <DIR> d--h----- C:\teste
2008-04-23 11:31 . 2008-04-23 18:53 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-04-23 11:31 . 2008-04-23 11:36 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster
2008-04-23 11:31 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-22 23:50 . 2008-04-23 19:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 23:50 . 2008-04-22 23:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 17:59 . 2008-04-22 18:10 <DIR> d-------- C:\Arquivos de programas\HGI
2008-04-22 14:26 . 2008-04-22 14:26 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\AntsSoft
2008-04-22 14:24 . 2008-04-22 14:24 <DIR> d-------- C:\Arquivos de programas\SWFText
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Arquivos de programas\VIA
2008-04-21 23:38 . 2004-07-06 11:45 60,672 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-04-21 23:37 . 2008-04-21 23:37 <DIR> d-------- C:\Arquivos de programas\On-line Help Console
2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys
2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a------ C:\WINDOWS\system32\drivers\sparrow.sys
2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-04-20 18:07 . 2008-04-20 18:07 <DIR> d---s---- C:\Documents and Settings\Wesley\UserData
2008-04-18 18:23 . 2008-04-18 18:23 <DIR> d-------- C:\Arquivos de programas\EA GAMES
2008-04-18 18:23 . 2004-08-18 00:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-18 16:03 . 2008-04-18 16:03 0 --------- C:\WINDOWS\WB.ini
2008-04-18 15:56 . 2008-04-18 15:56 <DIR> d-------- C:\Arquivos de programas\Stardock
2008-04-18 15:56 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-04-18 13:25 . 2008-04-18 13:28 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Ahead
2008-04-18 10:42 . 2008-04-18 10:42 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-18 10:40 . 2008-04-18 10:53 <DIR> d--h----- C:\icones
2008-04-18 03:43 . 2008-04-18 03:43 <DIR> d-------- C:\Arquivos de programas\Anders Kjersem
2008-04-18 01:57 . 2008-04-18 01:56 304,640 --ah----- C:\PhotoResize600H.exe
2008-04-18 01:18 . 2008-04-18 01:18 <DIR> d-------- C:\Arquivos de programas\Clip2Net
2008-04-17 23:55 . 2004-08-07 09:36 218,624 --a------ C:\WINDOWS\system32\uxtheme.ubk
2008-04-17 23:55 . 2006-08-09 20:58 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2008-04-17 22:08 . 2008-04-18 00:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-17 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-17 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-17 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-17 21:03 . 2008-04-20 15:19 <DIR> d-------- C:\Documents and Settings\Wesley\Contacts
2008-04-17 20:56 . 2008-04-17 20:56 268 --ah----- C:\sqmdata01.sqm
2008-04-17 20:56 . 2008-04-17 20:56 244 --ah----- C:\sqmnoopt01.sqm
2008-04-17 20:53 . 2008-04-17 20:53 268 --ah----- C:\sqmdata00.sqm
2008-04-17 20:53 . 2008-04-17 20:53 244 --ah----- C:\sqmnoopt00.sqm
2008-04-17 20:38 . 2008-04-17 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-17 20:01 . 2008-04-17 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-04-17 20:01 . 2008-04-17 20:49 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-04-17 20:01 . 2008-04-17 20:21 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-04-17 19:20 . 2008-04-17 19:20 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Media Player Classic
2008-04-17 19:20 . 2008-04-24 00:55 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee
2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems
2008-04-17 19:12 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-04-17 19:12 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-17 19:12 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-17 19:12 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-04-17 19:12 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-04-17 19:12 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-17 19:12 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\McAfee
2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee
2008-04-17 18:14 . 2008-04-17 18:14 <DIR> d--h----- C:\Controle
2008-04-17 17:59 . 2008-04-17 17:59 <DIR> d-------- C:\Arquivos de programas\USB Vibration Joystick
2008-04-17 17:58 . 2008-04-17 17:58 <DIR> d-------- C:\Arquivos de programas\Twin USB Vibration Gamepad
2008-04-17 17:54 . 2008-04-17 17:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-17 17:44 . 2008-04-17 18:13 <DIR> d--h----- C:\winning eleven
2008-04-17 17:31 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-17 16:56 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Bonjour
2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2008-04-17 16:40 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-17 16:35 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-04-17 16:28 . 2008-04-21 12:58 <DIR> d-------- C:\Arquivos de programas\Valve
2008-04-17 16:26 . 2008-04-24 00:19 <DIR> d-------- C:\Download
2008-04-17 16:22 . 2008-04-18 14:17 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\IDM
2008-04-17 16:22 . 2008-04-23 23:40 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\DMCache
2008-04-17 16:22 . 2008-04-17 16:24 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager
2008-04-17 16:18 . 2008-04-23 09:00 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\LimeWire
2008-04-17 16:18 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-17 16:15 . 2008-04-17 17:57 <DIR> d-------- C:\Arquivos de programas\Java
2008-04-17 16:10 . 2006-09-23 18:40 145,400 --ah----- C:\accessibilitycpl.dll_I0141_0409.ico
2008-04-17 16:09 . 2008-04-17 16:09 1,192 --a------ C:\WINDOWS\mozver.dat
2008-04-17 16:02 . 2008-04-17 16:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-04-17 16:01 . 2008-04-17 16:18 <DIR> d-------- C:\Arquivos de programas\LimeWire
2008-04-17 16:00 . 2008-04-17 16:00 <DIR> d-------- C:\Arquivos de programas\Google
2008-04-17 15:59 . 2008-04-17 15:59 <DIR> d-------- C:\Arquivos de programas\EPSON
2008-04-17 15:59 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-04-17 15:59 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-04-17 15:59 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-04-17 15:58 . 2008-04-17 15:58 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!
2008-04-17 15:56 . 2008-04-17 15:57 <DIR> d-------- C:\Arquivos de programas\Coolcolor Text Generator
2008-04-17 15:52 . 2008-04-22 11:27 <DIR> d-------- C:\Arquivos de programas\AIMP2
2008-04-17 15:39 . 2008-04-17 15:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-17 15:37 . 2004-03-22 12:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-17 15:37 . 2008-04-17 15:37 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-17 15:36 . 2008-04-17 15:36 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-04-17 15:35 . 2008-04-17 15:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-17 15:34 . 2008-04-17 15:34 <DIR> d-------- C:\Arquivos de programas\Foxit Software
2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0
2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2
2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-17 15:21 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-17 15:20 . 2008-04-17 15:20 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero
2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Arquivos de programas\Nero
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 02:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-04-17 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-04-17 17:58 --------- d-----w C:\Arquivos de programas\Realtek AC97
2008-04-17 17:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2008-04-17 17:29 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-04-17 17:27 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-04-17 17:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anders Kjersem: TransBar"="C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe" [2003-06-09 17:19 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^Reboot.exe]
path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^SpywareGuard.lnk]
path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-11 21:10 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
--a------ 2008-02-14 10:33 1479168 C:\Arquivos de programas\Clip2Net\clip2net.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDKS Agent]
C:\WINDOWS\system32\Sys\HDKS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Arquivos de programas\VIA\RAID\raid_t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Valve\\hl.exe"=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 02:08:50
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Anders Kjersem: TransBar = C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig?tLayeredWindowAttributes???????????? ??????????n????@???D???-p??8??????????????|???|???????|???|???w????????,??????? ???f??| ???x??|???w???????????????wW#@?,?!??????????????#@?,?!?????h??

Procurando ficheiros ocultos ...

**************************************************************************
.
Tempo para conclusão: 2008-04-24 2:14:48
ComboFix-quarantined-files.txt 2008-04-24 05:14:43

Pre-Run: 15,027,453,952 bytes disponíveis
Post-Run: 15,024,062,464 bytes disponíveis

257 --- E O F --- 2008-04-18 01:08:41

___________________________________ _________________________ _________________

Logfile of HijackThis v1.99.1
Scan saved at 02:21:30, on 24/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig
O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

I have 2 pen drives, but I formatted them this afternoon and lent them to a colleague, so I didn't connect them to the PC here.
DigRam 144 Posted April 24, 2008

Good morning!

nowfeer: "I have 2 pen drives, but I formatted them this afternoon and lent them to a colleague, so I didn't connect them to the PC here"

>@< If they were formatted, there is no reason to connect them.

-------------------------------

<!> In Run, type: ComboFix.exe /u >> Click OK.

>@< Search for the highlighted file and, if you find it, you can delete it.
>@< C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe << Delete!

If everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK. For more details, go to: < Docs >

>@< The log is clean! :thumbsup:

Regards!
nowfeer 0 Posted April 24, 2008

ok, thanks man, thank you very much indeed... God be with you
DigRam 144 Posted April 24, 2008

PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.