
Archived

This topic has been archived and is closed to new replies.

nowfeer

[Solved!] Did Kavo.exe leave traces?


I found a blog on the net showing how to remove kavo.exe and its entries manually. After I removed it, the PC went back to about 90% fine, but I still think there's more.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:30:18, on 23/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Clip2Net\clip2net.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\Download\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKCU\..\Run: [Clip2Net] C:\Arquivos de programas\Clip2Net\clip2net.exe

O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe


Good afternoon, nowfeer!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

 

If you get the notification "Not a valid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed to: Kombo.exe

PS: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, do not touch the mouse or keyboard!

---------------------------------

>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.

 

Regards!


Wow, you guys reply fast.

I noticed that after I ran combo.exe, the hidden Windows folder that wasn't showing is showing again.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 19:42:02, on 23/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\WINDOWS\explorer.exe

C:\Download\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

_________________________________________________

__________________________________________

__________________________________

 

 

 

ComboFix 08-04-22.5 - Wesley 2008-04-23 19:33:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.79 [GMT -3:00]

Running from: C:\Documents and Settings\Wesley\Desktop\Combo.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Files created from 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))

.

 

2008-04-23 17:47 . 2008-04-23 17:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos

2008-04-23 16:55 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-23 16:55 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-23 16:55 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-23 16:55 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-23 16:54 . 2008-04-23 16:54 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\PC Tools

2008-04-23 16:54 . 2008-04-23 18:47 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-04-23 15:39 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-04-23 15:38 . 2008-04-23 15:39 <DIR> d-------- C:\Arquivos de programas\3D Flash Animator 4.9.8.4

2008-04-23 13:47 . 2008-04-23 15:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-23 13:39 . 2008-04-23 13:39 <DIR> d-------- C:\Arquivos de programas\VirusTotalUploader

2008-04-23 12:33 . 2008-04-23 15:46 <DIR> d-------- C:\Arquivos de programas\SpywareGuard

2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-04-23 11:51 . 2008-04-23 11:51 <DIR> d--h----- C:\teste

2008-04-23 11:31 . 2008-04-23 18:53 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-23 11:31 . 2008-04-23 11:36 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster

2008-04-23 11:31 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-04-23 11:08 . 2008-04-23 15:38 <DIR> d-------- C:\!KillBox

2008-04-22 23:50 . 2008-04-23 19:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 23:50 . 2008-04-22 23:50 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-22 17:59 . 2008-04-22 18:10 <DIR> d-------- C:\Arquivos de programas\HGI

2008-04-22 14:26 . 2008-04-22 14:26 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\AntsSoft

2008-04-22 14:24 . 2008-04-22 14:24 <DIR> d-------- C:\Arquivos de programas\SWFText

2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Arquivos de programas\VIA

2008-04-21 23:38 . 2004-07-06 11:45 60,672 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys

2008-04-21 23:37 . 2008-04-21 23:37 <DIR> d-------- C:\Arquivos de programas\On-line Help Console

2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys

2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys

2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a------ C:\WINDOWS\system32\drivers\sparrow.sys

2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys

2008-04-20 18:07 . 2008-04-20 18:07 <DIR> d---s---- C:\Documents and Settings\Wesley\UserData

2008-04-18 18:23 . 2008-04-18 18:23 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-04-18 18:23 . 2004-08-18 00:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-04-18 16:03 . 2008-04-18 16:03 0 --------- C:\WINDOWS\WB.ini

2008-04-18 15:56 . 2008-04-18 15:56 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-04-18 15:56 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-04-18 13:25 . 2008-04-18 13:28 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Ahead

2008-04-18 10:42 . 2008-04-18 10:42 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-04-18 10:40 . 2008-04-18 10:53 <DIR> d--h----- C:\icones

2008-04-18 03:43 . 2008-04-18 03:43 <DIR> d-------- C:\Arquivos de programas\Anders Kjersem

2008-04-18 01:57 . 2008-04-18 01:56 304,640 --ah----- C:\PhotoResize600H.exe

2008-04-18 01:18 . 2008-04-18 01:18 <DIR> d-------- C:\Arquivos de programas\Clip2Net

2008-04-17 23:55 . 2004-08-07 09:36 218,624 --a------ C:\WINDOWS\system32\uxtheme.ubk

2008-04-17 23:55 . 2006-08-09 20:58 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll

2008-04-17 22:08 . 2008-04-18 00:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-04-17 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-17 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-17 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-17 21:03 . 2008-04-20 15:19 <DIR> d-------- C:\Documents and Settings\Wesley\Contacts

2008-04-17 20:56 . 2008-04-17 20:56 268 --ah----- C:\sqmdata01.sqm

2008-04-17 20:56 . 2008-04-17 20:56 244 --ah----- C:\sqmnoopt01.sqm

2008-04-17 20:53 . 2008-04-17 20:53 268 --ah----- C:\sqmdata00.sqm

2008-04-17 20:53 . 2008-04-17 20:53 244 --ah----- C:\sqmnoopt00.sqm

2008-04-17 20:38 . 2008-04-17 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-17 20:01 . 2008-04-17 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-04-17 20:01 . 2008-04-17 20:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-04-17 20:01 . 2008-04-17 20:21 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-04-17 19:59 . 2008-04-23 16:08 <DIR> d-------- C:\QUARANTINE

2008-04-17 19:20 . 2008-04-17 19:20 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Media Player Classic

2008-04-17 19:20 . 2008-04-23 10:34 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems

2008-04-17 19:12 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll

2008-04-17 19:12 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-04-17 19:12 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-04-17 19:12 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys

2008-04-17 19:12 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys

2008-04-17 19:12 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-04-17 19:12 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig

2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\McAfee

2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2008-04-17 18:36 . 2008-04-23 18:32 <DIR> d-------- C:\LinhaDefensiva

2008-04-17 18:14 . 2008-04-17 18:14 <DIR> d--h----- C:\Controle

2008-04-17 17:59 . 2008-04-17 17:59 <DIR> d-------- C:\Arquivos de programas\USB Vibration Joystick

2008-04-17 17:58 . 2008-04-17 17:58 <DIR> d-------- C:\Arquivos de programas\Twin USB Vibration Gamepad

2008-04-17 17:54 . 2008-04-17 17:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-04-17 17:44 . 2008-04-17 18:13 <DIR> d--h----- C:\winning eleven

2008-04-17 17:31 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-17 16:56 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-04-17 16:40 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-17 16:35 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Arquivos de programas\Hamachi

2008-04-17 16:28 . 2008-04-21 12:58 <DIR> d-------- C:\Arquivos de programas\Valve

2008-04-17 16:26 . 2008-04-23 16:53 <DIR> d-------- C:\Download

2008-04-17 16:22 . 2008-04-18 14:17 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\IDM

2008-04-17 16:22 . 2008-04-23 19:30 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\DMCache

2008-04-17 16:22 . 2008-04-17 16:24 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager

2008-04-17 16:18 . 2008-04-23 09:00 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\LimeWire

2008-04-17 16:18 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-17 16:15 . 2008-04-17 17:57 <DIR> d-------- C:\Arquivos de programas\Java

2008-04-17 16:10 . 2006-09-23 18:40 145,400 --ah----- C:\accessibilitycpl.dll_I0141_0409.ico

2008-04-17 16:09 . 2008-04-17 16:09 1,192 --a------ C:\WINDOWS\mozver.dat

2008-04-17 16:02 . 2008-04-17 16:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-04-17 16:01 . 2008-04-17 16:18 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-04-17 16:00 . 2008-04-17 16:00 <DIR> d-------- C:\Arquivos de programas\Google

2008-04-17 15:59 . 2008-04-17 15:59 <DIR> d-------- C:\Arquivos de programas\EPSON

2008-04-17 15:59 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll

2008-04-17 15:59 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll

2008-04-17 15:59 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll

2008-04-17 15:58 . 2008-04-17 15:58 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-04-17 15:56 . 2008-04-17 15:57 <DIR> d-------- C:\Arquivos de programas\Coolcolor Text Generator

2008-04-17 15:52 . 2008-04-22 11:27 <DIR> d-------- C:\Arquivos de programas\AIMP2

2008-04-17 15:39 . 2008-04-17 15:39 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-17 15:37 . 2004-03-22 12:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-17 15:37 . 2008-04-17 15:37 421 --a------ C:\WINDOWS\ODBC.INI

2008-04-17 15:36 . 2008-04-17 15:36 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-04-17 15:35 . 2008-04-17 15:36 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-17 15:34 . 2008-04-17 15:34 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-04-17 15:21 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-17 15:20 . 2008-04-17 15:20 22 --a------ C:\WINDOWS\system32\ati64hlp.stb

2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Arquivos de programas\Nero

2008-04-17 15:14 . 2008-04-17 15:15 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 02:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-17 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-04-17 17:58 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-04-17 17:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-04-17 17:29 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-17 17:27 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-04-17 17:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Anders Kjersem: TransBar"="C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe" [2003-06-09 17:19 16896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]

"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^Reboot.exe]

path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe

backup=C:\WINDOWS\pss\Reboot.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^SpywareGuard.lnk]

path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\SpywareGuard.lnk

backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-11-11 21:10 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-05-16 09:27 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]

--a------ 2008-02-14 10:33 1479168 C:\Arquivos de programas\Clip2Net\clip2net.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDKS Agent]

C:\WINDOWS\system32\Sys\HDKS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Arquivos de programas\VIA\RAID\raid_t

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15447c7d-0fbb-11dd-b737-00142a1ed8ed}]

\Shell\AutoRun\command - F:\w0owgn.bat

\Shell\explore\Command - F:\w0owgn.bat

\Shell\open\Command - F:\w0owgn.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a96ba72-108a-11dd-b73c-00142a1ed8ed}]

\Shell\AutoRun\command - F:\i.bat

\Shell\explore\Command - F:\i.bat

\Shell\open\Command - F:\i.bat

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-23 19:35:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Anders Kjersem: TransBar = C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig?d}?w????????????????????@??????????? ???????????????@???D???<??w??????????????????S????????w??S????wd??w???w???wF???????????????????????????(??????wF??????????????w?$@?F???????????????h??

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-23 19:40:11

ComboFix-quarantined-files.txt 2008-04-23 22:39:59

 

Pre-Run: 14,045,089,792 bytes free

Post-Run: 14,897,520,640 bytes free

 

222 --- E O F --- 2008-04-18 01:08:41

 

 

 

 

One question... are kavo.exe and tavo.exe really passed from pen drive to pen drive??


Good morning, nowfeer!

 

One question... are kavo.exe and tavo.exe really passed from pen drive to pen drive??

>@< If the PC is infected, it passes the infection to the pen drive, and vice versa.

---------------------------

Before running this procedure, plug your removable drive(s) into the USB port.

<!> Delete:

 

C:\QooBox

C:\ComboFix.txt << previous ComboFix log.

---------------------------

>@< Select and copy all the content in the CODE area to Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::
F:\w0owgn.bat
F:\i.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15447c7d-0fbb-11dd-b737-00142a1ed8ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a96ba72-108a-11dd-b73c-00142a1ed8ed}]

Folder::
C:\!KillBox
C:\QUARANTINE
C:\LinhaDefensiva

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 

[animated image: cpiadecfscriptxt7.gif]

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< During execution, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!


ComboFix 08-04-22.5 - Wesley 2008-04-24 2:06:36.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.48 [GMT -3:00]

Executando de: C:\Documents and Settings\Wesley\Desktop\Combo.exe

Command switches used :: C:\Documents and Settings\Wesley\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

F:\i.bat

F:\w0owgn.bat

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\!KillBox

C:\!KillBox\Logs\kb.log

C:\LinhaDefensiva

C:\LinhaDefensiva\backup.reg

C:\LinhaDefensiva\banker.bat

C:\LinhaDefensiva\bankerfix.vbs

C:\LinhaDefensiva\download.exe

C:\LinhaDefensiva\fx.reg

C:\LinhaDefensiva\Iniciar-BankerFix.vbs

C:\LinhaDefensiva\md5.exe

C:\LinhaDefensiva\QUA\2\system32\Sys\akv.cfg

C:\LinhaDefensiva\QUA\2\system32\Sys\HDKS.001

C:\LinhaDefensiva\QUA\2\system32\Sys\HDKS.002

C:\LinhaDefensiva\ref-allu

C:\LinhaDefensiva\ref-commonfiles

C:\LinhaDefensiva\ref-hosts

C:\LinhaDefensiva\ref-md5

C:\LinhaDefensiva\ref-mydoc

C:\LinhaDefensiva\ref-profile

C:\LinhaDefensiva\ref-programfiles

C:\LinhaDefensiva\ref-reg

C:\LinhaDefensiva\ref-start

C:\LinhaDefensiva\ref-startup

C:\LinhaDefensiva\ref-sysdrive

C:\LinhaDefensiva\ref-system

C:\LinhaDefensiva\ref-system32

C:\LinhaDefensiva\ref-tasks

C:\LinhaDefensiva\ref-temp

C:\LinhaDefensiva\ref-wincommon

C:\LinhaDefensiva\ref-windows

C:\LinhaDefensiva\reft-startup

C:\LinhaDefensiva\RegKeys.txt

C:\LinhaDefensiva\regremove

C:\LinhaDefensiva\relatorio.txt

C:\LinhaDefensiva\unzip.exe

C:\LinhaDefensiva\VERSION

C:\LinhaDefensiva\webversion.info

C:\QUARANTINE

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))

.

 

2008-04-24 01:16 . 2008-04-24 01:16 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-04-23 20:49 . 2008-04-24 01:15 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\SiteAdvisor

2008-04-23 20:49 . 2008-04-23 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-04-23 19:47 . 2008-04-23 19:47 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\3DFA

2008-04-23 17:47 . 2008-04-23 17:47 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos

2008-04-23 16:55 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-23 16:55 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-23 16:55 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-23 16:55 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-23 16:54 . 2008-04-23 16:54 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\PC Tools

2008-04-23 16:54 . 2008-04-23 18:47 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-04-23 15:45 . 2008-04-23 18:43 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-04-23 15:39 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-04-23 15:38 . 2008-04-24 00:48 <DIR> d-------- C:\Arquivos de programas\3D Flash Animator 4.9.8.4

2008-04-23 13:47 . 2008-04-23 15:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-04-23 13:39 . 2008-04-23 13:39 <DIR> d-------- C:\Arquivos de programas\VirusTotalUploader

2008-04-23 12:33 . 2008-04-23 15:46 <DIR> d-------- C:\Arquivos de programas\SpywareGuard

2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-23 12:19 . 2008-04-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-04-23 11:51 . 2008-04-23 11:51 <DIR> d--h----- C:\teste

2008-04-23 11:31 . 2008-04-23 18:53 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-23 11:31 . 2008-04-23 11:36 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster

2008-04-23 11:31 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-04-22 23:50 . 2008-04-23 19:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 23:50 . 2008-04-22 23:50 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-22 17:59 . 2008-04-22 18:10 <DIR> d-------- C:\Arquivos de programas\HGI

2008-04-22 14:26 . 2008-04-22 14:26 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\AntsSoft

2008-04-22 14:24 . 2008-04-22 14:24 <DIR> d-------- C:\Arquivos de programas\SWFText

2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Arquivos de programas\VIA

2008-04-21 23:38 . 2004-07-06 11:45 60,672 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys

2008-04-21 23:37 . 2008-04-21 23:37 <DIR> d-------- C:\Arquivos de programas\On-line Help Console

2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys

2008-04-21 23:24 . 2001-08-17 21:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys

2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a------ C:\WINDOWS\system32\drivers\sparrow.sys

2008-04-21 23:23 . 2001-08-17 22:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys

2008-04-20 18:07 . 2008-04-20 18:07 <DIR> d---s---- C:\Documents and Settings\Wesley\UserData

2008-04-18 18:23 . 2008-04-18 18:23 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2008-04-18 18:23 . 2004-08-18 00:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-04-18 16:03 . 2008-04-18 16:03 0 --------- C:\WINDOWS\WB.ini

2008-04-18 15:56 . 2008-04-18 15:56 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-04-18 15:56 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-04-18 13:25 . 2008-04-18 13:28 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Ahead

2008-04-18 10:42 . 2008-04-18 10:42 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-04-18 10:40 . 2008-04-18 10:53 <DIR> d--h----- C:\icones

2008-04-18 03:43 . 2008-04-18 03:43 <DIR> d-------- C:\Arquivos de programas\Anders Kjersem

2008-04-18 01:57 . 2008-04-18 01:56 304,640 --ah----- C:\PhotoResize600H.exe

2008-04-18 01:18 . 2008-04-18 01:18 <DIR> d-------- C:\Arquivos de programas\Clip2Net

2008-04-17 23:55 . 2004-08-07 09:36 218,624 --a------ C:\WINDOWS\system32\uxtheme.ubk

2008-04-17 23:55 . 2006-08-09 20:58 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll

2008-04-17 22:08 . 2008-04-18 00:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-04-17 21:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-17 21:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-17 21:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-17 21:03 . 2008-04-20 15:19 <DIR> d-------- C:\Documents and Settings\Wesley\Contacts

2008-04-17 20:56 . 2008-04-17 20:56 268 --ah----- C:\sqmdata01.sqm

2008-04-17 20:56 . 2008-04-17 20:56 244 --ah----- C:\sqmnoopt01.sqm

2008-04-17 20:53 . 2008-04-17 20:53 268 --ah----- C:\sqmdata00.sqm

2008-04-17 20:53 . 2008-04-17 20:53 244 --ah----- C:\sqmnoopt00.sqm

2008-04-17 20:38 . 2008-04-17 20:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-17 20:01 . 2008-04-17 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-04-17 20:01 . 2008-04-17 20:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-04-17 20:01 . 2008-04-17 20:21 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-04-17 19:20 . 2008-04-17 19:20 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\Media Player Classic

2008-04-17 19:20 . 2008-04-24 00:55 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-04-17 19:12 . 2008-04-17 19:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cisco Systems

2008-04-17 19:12 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll

2008-04-17 19:12 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-04-17 19:12 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-04-17 19:12 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys

2008-04-17 19:12 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys

2008-04-17 19:12 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-04-17 19:12 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig

2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\McAfee

2008-04-17 19:11 . 2008-04-17 19:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2008-04-17 18:14 . 2008-04-17 18:14 <DIR> d--h----- C:\Controle

2008-04-17 17:59 . 2008-04-17 17:59 <DIR> d-------- C:\Arquivos de programas\USB Vibration Joystick

2008-04-17 17:58 . 2008-04-17 17:58 <DIR> d-------- C:\Arquivos de programas\Twin USB Vibration Gamepad

2008-04-17 17:54 . 2008-04-17 17:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-04-17 17:44 . 2008-04-17 18:13 <DIR> d--h----- C:\winning eleven

2008-04-17 17:31 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-17 16:56 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-04-17 16:40 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-17 16:35 . 2008-04-17 16:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-17 16:31 . 2008-04-17 16:31 <DIR> d-------- C:\Arquivos de programas\Hamachi

2008-04-17 16:28 . 2008-04-21 12:58 <DIR> d-------- C:\Arquivos de programas\Valve

2008-04-17 16:26 . 2008-04-24 00:19 <DIR> d-------- C:\Download

2008-04-17 16:22 . 2008-04-18 14:17 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\IDM

2008-04-17 16:22 . 2008-04-23 23:40 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\DMCache

2008-04-17 16:22 . 2008-04-17 16:24 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager

2008-04-17 16:18 . 2008-04-23 09:00 <DIR> d-------- C:\Documents and Settings\Wesley\Dados de aplicativos\LimeWire

2008-04-17 16:18 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-17 16:15 . 2008-04-17 17:57 <DIR> d-------- C:\Arquivos de programas\Java

2008-04-17 16:10 . 2006-09-23 18:40 145,400 --ah----- C:\accessibilitycpl.dll_I0141_0409.ico

2008-04-17 16:09 . 2008-04-17 16:09 1,192 --a------ C:\WINDOWS\mozver.dat

2008-04-17 16:02 . 2008-04-17 16:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-04-17 16:01 . 2008-04-17 16:18 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-04-17 16:00 . 2008-04-17 16:00 <DIR> d-------- C:\Arquivos de programas\Google

2008-04-17 15:59 . 2008-04-17 15:59 <DIR> d-------- C:\Arquivos de programas\EPSON

2008-04-17 15:59 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll

2008-04-17 15:59 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll

2008-04-17 15:59 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll

2008-04-17 15:58 . 2008-04-17 15:58 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-04-17 15:56 . 2008-04-17 15:57 <DIR> d-------- C:\Arquivos de programas\Coolcolor Text Generator

2008-04-17 15:52 . 2008-04-22 11:27 <DIR> d-------- C:\Arquivos de programas\AIMP2

2008-04-17 15:39 . 2008-04-17 15:39 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-17 15:37 . 2004-03-22 12:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-17 15:37 . 2008-04-17 15:37 421 --a------ C:\WINDOWS\ODBC.INI

2008-04-17 15:36 . 2008-04-17 15:36 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-04-17 15:35 . 2008-04-17 15:36 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-17 15:34 . 2008-04-17 15:34 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-04-17 15:32 . 2008-04-17 15:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-17 15:27 . 2008-04-17 15:27 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-04-17 15:22 . 2008-04-17 15:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-04-17 15:21 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-17 15:20 . 2008-04-17 15:20 22 --a------ C:\WINDOWS\system32\ati64hlp.stb

2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-04-17 15:14 . 2008-04-17 15:14 <DIR> d-------- C:\Arquivos de programas\Nero

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 02:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-17 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-04-17 17:58 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-04-17 17:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-04-17 17:29 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-17 17:27 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-04-17 17:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Anders Kjersem: TransBar"="C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe" [2003-06-09 17:19 16896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]

"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^Reboot.exe]

path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe

backup=C:\WINDOWS\pss\Reboot.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Iniciar^Programas^Inicializar^SpywareGuard.lnk]

path=C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\SpywareGuard.lnk

backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-11-11 21:10 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-05-16 09:27 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]

--a------ 2008-02-14 10:33 1479168 C:\Arquivos de programas\Clip2Net\clip2net.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDKS Agent]

C:\WINDOWS\system32\Sys\HDKS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2008-02-01 12:55 1103240 C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Arquivos de programas\VIA\RAID\raid_t

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\McAfee\\Common Framework\\FrameworkService.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

 

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 02:08:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Anders Kjersem: TransBar = C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-04-24 2:14:48

ComboFix-quarantined-files.txt 2008-04-24 05:14:43

 

Pre-Run: 15,027,453,952 bytes disponíveis

Post-Run: 15,024,062,464 bytes disponíveis

 

257 --- E O F --- 2008-04-18 01:08:41

 

 

 

___________________________________

_________________________

_________________

 

Logfile of HijackThis v1.99.1

Scan saved at 02:21:30, on 24/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Download\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Arquivos de programas\Anders Kjersem\TransBar\TransBar.exe /NoConfig

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

I have 2 pen drives, but I formatted them this afternoon and lent them to a colleague, so I didn't connect them to the PC here
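The ComboFix log above lists files created in the last 30 days, one per line, as creation time, modification time, size or <DIR>, an attribute string and the path. The following is an added example, not ComboFix's code and not from the thread: a parser for those lines plus two triage rules a helper applies when reading such a log, flagging executables carrying the hidden attribute and executables sitting directly in a drive root (C:\ here, or a pen drive's F:\ as with the .bat files in the script). The rules are this example's own heuristics for what to look at first, not a malware verdict; the sample lines are copied from the log above.

```python
"""Triage of the "files created" section of a ComboFix log (added example)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{9})\s+(?P<path>.+)$"
)
# Extensions treated as executable content for the rules below (example's choice).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif", ".com", ".vbs"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "--ah-----": 'd' dir, 'a' archive, 'h' hidden, 's' system
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def executable(self) -> bool:
        return ntpath.splitext(self.path)[1].lower() in EXECUTABLE_EXT

    @property
    def in_drive_root(self) -> bool:
        # "X:\name" with no further backslash: the file lives in the drive root.
        return re.fullmatch(r"[A-Za-z]:\\[^\\]+", self.path) is not None


def parse_entries(text: str) -> List[Entry]:
    """Parse the 'files created' lines; lines in any other shape are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
        entries.append(Entry(m.group("created"), m.group("modified"),
                             size, m.group("attrs"), m.group("path")))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every file that trips at least one rule."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.executable and e.hidden:
            reasons.append("hidden executable")
        if e.executable and e.in_drive_root:
            reasons.append("executable in drive root")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Constructed sample: lines taken from the ComboFix log above.
SAMPLE_LOG = r"""
2008-04-24 01:16 . 2008-04-24 01:16 <DIR> d-------- C:\Arquivos de programas\7-Zip
2008-04-23 16:55 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-23 11:51 . 2008-04-23 11:51 <DIR> d--h----- C:\teste
2008-04-18 10:42 . 2008-04-18 10:42 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-18 01:57 . 2008-04-18 01:56 304,640 --ah----- C:\PhotoResize600H.exe
2008-04-17 16:10 . 2006-09-23 18:40 145,400 --ah----- C:\accessibilitycpl.dll_I0141_0409.ico
2008-04-17 15:39 . 2008-04-17 15:39 0 --a------ C:\WINDOWS\nsreg.dat
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{path}: {', '.join(reasons)}")
```

A hit from these rules is a prompt to check the file (publisher, hash, whether the user installed it), not a reason to delete it; the hidden root-level tool above, for instance, may well be something the user put there.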


Good morning! nowfeer

 

I have 2 pen drives, but I formatted them this afternoon and lent them to a colleague, so I didn't connect them to the PC here

>@< If they were formatted, there is no reason to connect them.

-------------------------------

<!> In Run, type: ComboFix.exe /u >> Click OK.

 

CF_Cleanup.png

 

>@< Search for the highlighted file and, if you find it, you can delete it.

 

>@< C:\Documents and Settings\Wesley\Menu Iniciar\Programas\Inicializar\Reboot.exe << Delete!

 

With everything OK on the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< The log is clean! :thumbsup:

 

Cheers!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
