
Archived

This topic has been archived and is closed to further replies.

calculista

[Archived] CID..


Someone help me...

this CID is driving me crazy already...

every time I'm on the net it opens pages on its own...

this is annoying...

thanks for your attention

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:19:04, on 11/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\arquivos de programas\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Cake Amok] C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209664876812

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4801 bytes


Hey calculista,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will turn all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, along with a new HijackThis log.

 

Regards.


Hey jgarcia...

my PC doesn't restart automatically anymore..

I think it all went fine....

following your procedures, below..

 

ComboFix 08-05-11.1 - annibal amaral 2008-05-12 17:50:03.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1660 [GMT -3:00]

Executando de: C:\Documents and Settings\annibal amaral\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\host.exe

E:\RavMonE.exe

E:\RECYCLER\desktop.ini

E:\RECYCLER\RECYCLER.exe

 

----- File Replicators -----

 

C:\WINDOWS\SoftwareDistribution\Download\064f9f96c7c3db5c5b77a9199969336f\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\15be576767b5bd8bc4ed79050bbbc370\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\183630b1fbe6c708f8a9003a2a4c5e33\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\1f50c0954e0164dbb2092f1aeadc5e67\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2113d048c3e9840f3dcb3e7813b83786\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2b7a16fc6af61427731ea2b06a4be030\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2bf46de0130d667af0ba6c703c15897e\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2dd79403bdffcbbcc75c816dc9e37db0\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2ee8cf6452af6a44fd2b76ded9d54431\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2f24424d389529e4975e45836c76a980\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\35c1922e112a6833968ce197e5db95fd\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\37a28b24504993a9d01c8cc605fb0b3c\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\39b89ace70b7b8835cbd8e0693198ce9\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\419538be09f9b2255a3690de97d113b9\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\43ee4ee5d1dc79bba90867fe428217fc\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\4418549c3e99eda12bd6297ba780bf9e\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\4736065ec52279f99e717b12219ea2d4\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\4fee81c2fb8e6d7ba70757b94dfba73b\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\56132a19ce10316188f02854ebb7222a\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\649bb476776203faad91c4455fba204f\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\676d3efdaf546132c64e5f280b0865e1\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\69f668bdf9b40fbbe3ef605c1f21c9e4\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\6afc0b0149b906f32908b235831feeec\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\6b2086b2bdd20a59551c541b6d817f3b\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\715cc53803e81fff3ef4f5f400cab208\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\7ac7ddd4a9e4f40bbe0fd03189c22cf5\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\7e9b21d4f80bf17b81c47ea361028a3a\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\891c21fd2461580935b9228e68e70b45\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\89a8f3fd400fcd42be771911b4a08489\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\8b1c26d370a41fcb3352586f518f2092\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\99cb48a805384813a190ed1ad5003d13\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\a34b6c3ab2a3c02756058e3875a03155\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\a6fb915c0e53fa2aeb1d2318866ff0e2\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\aba5990f0be351c8647b4e3c26620e59\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\ac24e16c8e38bdb51d03d4388b62babf\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\b9fafcb4f08309cfc9fe52fdea805e5a\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\bc853717610463cf1156ab18b5bf0256\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\beeac321424235daea3ad818a7aa07fe\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c0417d26a88bf904de7e7535ef0275d7\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c16c33c3e998f2f8b8c57743246df771\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c54172e02e974cecbb4aa24d6789e32a\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c8fe5f01ed16544673a6d5989589d632\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\cb2fd29c6b17af2ed5742a7a65563b60\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\cba20407d444ff22947fa6836674d912\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e19584c436beb91ef78046f6c193812f\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e46a30ca1981b47af4d276637d756208\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e60d9c6a736d8b0ec545025e8dc847fc\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e8f724596a310295800f2e856abecca5\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\ec36e0f7084de6c91466b85cc41f585d\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\ef0e71befb6cd4fcbd605d707433bd1c\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\efb919abe0c93747a9107ad839e53526\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\f03b951d09006e999aae3a456630fb6c\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\f1e95efde9d0fcd98ccb360c7cd7f789\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\fb1a8e89b9162c5c34135759dcfa7b21\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\fd36cd0e887184cea4e59fdb8e14ef12\update\update.exe

.

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))

.

 

2008-05-12 17:50 . 2008-05-12 17:50 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-11 18:48 . 2008-05-11 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-05-10 18:57 . 2008-05-11 11:48 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-05-10 18:40 . 2008-05-10 18:40 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-10 18:11 . 2008-05-10 18:11 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-05-10 18:11 . 2008-05-10 18:11 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-05-09 16:50 . 2008-05-09 16:50 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-05-09 16:49 . 2008-05-09 16:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-09 16:49 . 2008-05-10 18:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-09 16:49 . 2008-05-09 16:49 <DIR> d-------- C:\13baba1c835e44418a1e8bc2

2008-05-09 16:48 . 2008-05-09 16:49 <DIR> d-------- C:\9e03e2b3159fdfb697814839be4199

2008-05-09 16:24 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-05-09 16:24 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-05-09 16:20 . 2008-05-09 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-05-08 22:55 . 2008-01-07 14:29 366 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-05-08 22:54 . 2008-05-08 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-05-08 22:54 . 2008-05-08 22:54 <DIR> d-------- C:\Arquivos de programas\ESET

2008-05-04 15:39 . 2008-05-11 00:02 <DIR> d-------- C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-05-04 15:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-04 13:29 . 2008-05-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-04 13:24 . 2008-05-04 15:37 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\AVGTOOLBAR

2008-05-04 12:50 . 2008-05-04 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-05-03 11:46 . 2008-05-03 11:46 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-05-03 11:46 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-03 11:46 . 2008-05-03 11:46 421 --a------ C:\WINDOWS\ODBC.INI

2008-05-03 11:45 . 2008-05-03 11:46 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-05-03 11:29 . 2008-05-03 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat

2008-05-03 11:28 . 2008-05-03 11:29 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup

2008-05-03 11:28 . 2008-05-03 11:28 <DIR> d-------- C:\Arquivos de programas\funk bore setup

2008-05-03 11:21 . 2008-05-03 11:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-02 13:35 . 2008-05-05 20:10 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-02 13:20 . 2008-05-10 18:58 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-01 23:47 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Norton Internet Security

2008-05-01 23:41 . 2008-05-01 23:37 3,584 --a------ C:\WINDOWS\_RegDLL.tmp

2008-05-01 23:31 . 2008-05-01 23:46 <DIR> d-------- C:\Arquivos de programas\NTFS Undelete

2008-05-01 22:39 . 2008-05-01 22:39 268 --ah----- C:\sqmdata03.sqm

2008-05-01 22:39 . 2008-05-01 22:39 244 --ah----- C:\sqmnoopt03.sqm

2008-05-01 22:35 . 2008-05-01 22:35 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\Ahead

2008-05-01 22:33 . 2008-05-01 22:33 268 --ah----- C:\sqmdata02.sqm

2008-05-01 22:33 . 2008-05-01 22:33 244 --ah----- C:\sqmnoopt02.sqm

2008-05-01 19:22 . 2008-05-01 19:22 268 --ah----- C:\sqmdata01.sqm

2008-05-01 19:22 . 2008-05-01 19:22 244 --ah----- C:\sqmnoopt01.sqm

2008-05-01 18:52 . 2008-05-01 22:35 16 --a------ C:\WINDOWS\system32\coh.cache

2008-05-01 18:40 . 2008-05-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-05-01 18:39 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-05-01 18:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-01 18:33 . 2008-05-01 18:33 268 --ah----- C:\sqmdata00.sqm

2008-05-01 18:33 . 2008-05-01 18:33 244 --ah----- C:\sqmnoopt00.sqm

2008-05-01 17:43 . 2008-05-12 16:22 <DIR> d-------- C:\Arquivos de programas\Steam

2008-05-01 17:27 . 2008-05-01 17:27 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-05-01 17:22 . 2008-05-01 23:47 <DIR> d-------- C:\Documents and Settings\annibal amaral\Contacts

2008-05-01 15:37 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-05-01 15:24 . 2008-05-01 15:24 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\CyberLink

2008-05-01 15:19 . 2008-05-03 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-01 15:19 . 2008-05-01 15:35 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-05-01 15:19 . 2008-05-03 11:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-01 15:16 . 2008-05-01 21:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-05-01 15:14 . 2005-04-20 08:32 2,916,352 --------- C:\WINDOWS\UNNMP.exe

2008-05-01 15:14 . 2005-10-24 11:55 49,870 --------- C:\WINDOWS\UNNMP.cfg

2008-05-01 15:13 . 2008-05-01 15:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-05-01 15:13 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-01 15:12 . 2008-05-01 15:14 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-05-01 15:12 . 2005-09-07 13:08 3,006,464 --------- C:\WINDOWS\UNNeroVision.exe

2008-05-01 15:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-05-01 15:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-05-01 15:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-05-01 15:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2008-05-01 15:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-05-01 15:12 . 2005-10-24 11:55 209,791 --------- C:\WINDOWS\UNNeroVision.cfg

2008-05-01 15:12 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-05-01 15:12 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-05-01 15:12 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-05-01 15:09 . 2008-05-01 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-05-01 15:09 . 2008-05-01 15:09 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-05-01 15:04 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-01 15:04 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-01 15:04 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-01 15:04 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-01 15:04 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-01 15:00 . 2008-05-01 15:00 <DIR> d---s---- C:\Documents and Settings\annibal amaral\UserData

2008-05-01 15:00 . 2008-05-01 15:00 2,403,344 --a------ C:\Arquivos de programas\WLinstaller.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 01:43 --------- d-----w C:\Arquivos de programas\Realtek

2008-05-01 18:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-01 18:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-05-01 17:30 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:24 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-05-01 17:24 --------- d-----w C:\Arquivos de programas\Intel

2008-05-01 17:16 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-01 17:15 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-01 17:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Steam"="c:\arquivos de programas\steam\steam.exe" [2008-05-02 08:07 1271032]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Cake Amok"="C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe" [2008-05-03 11:28 473600]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008]

"nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 05:08 16380416 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 05:45 1826816 C:\WINDOWS\SkyTel.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Second bat creative peak"="C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe" [2008-05-12 16:23 1101824]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-12 20:00:00 C:\WINDOWS\Tasks\AF7443049193F4F4.job"

- c:\docume~1\anniba~1\dadosd~1\funkbo~1\Memo 01 Meow.exe

"2008-05-12 20:20:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 17:50:55

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-12 17:51:23

ComboFix-quarantined-files.txt 2008-05-12 20:51:21

 

Pre-Run: 303,875,276,800 bytes disponíveis

Post-Run: 303,913,963,520 bytes disponíveis

 

223

 

the other log you asked for... below:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:36, on 12/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\arquivos de programas\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Cake Amok] C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209664876812

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4936 bytes

 

 

cheers..


Hey calculista,

 

Follow these instructions:

 

1. Restart the machine in Safe Mode.

 

2. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all the text inside the "Quote":

File::

C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe

C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe

c:\docume~1\anniba~1\dadosd~1\funkbo~1\Memo 01 Meow.exe

C:\WINDOWS\Tasks\AF7443049193F4F4.job

C:\WINDOWS\nod32fixtemdono.reg

C:\WINDOWS\_RegDLL.tmp

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup

C:\Arquivos de programas\funk bore setup

C:\WINDOWS\SoftwareDistribution

C:\13baba1c835e44418a1e8bc2

C:\9e03e2b3159fdfb697814839be4199

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cake Amok"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Second bat creative peak"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

ATTENTION: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for its user.

3. Save the file as CFScript.txt;

4. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

5. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.

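The CFScript above removes exactly the two autorun values in the HijackThis log that stand out on inspection: "Cake Amok" and "second bat creative peak", both named with strings of unrelated words and both pointing into user-profile data folders ("Dados de aplicativos" / DADOSD~1) rather than Program Files or system32. As an added example (not from this thread, and not part of HijackThis or ComboFix), here is a small Python triage script that applies those two heuristics to O4 lines so that a helper can prioritise which entries to look at first. The sample input is constructed from O4 lines copied from the log posted earlier; the two rules are my own prioritisation heuristics and produce a shortlist, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: O4 (registry Run) lines copied from the HijackThis
# log posted in this thread. In practice, read the whole saved log file instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Cake Amok] C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# HijackThis O4 layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First token ending in an executable extension, with or without surrounding quotes.
EXT_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd|com|pif))\b', re.I)

# Heuristic 1: user-writable profile locations (long and 8.3 forms, English and
# Brazilian Portuguese names as they appear in this log).
PROFILE_DIR_RE = re.compile(
    r"documents and settings|docume~1|dados de aplicativos|dadosd~1|"
    r"application data|applic~1|local settings|\\temp\\",
    re.I,
)

# Heuristic 2: a value name made of two or more plain words ("Cake Amok").
PLAIN_WORDS_RE = re.compile(r"^[A-Za-z]+(?: [A-Za-z]+)+$")


@dataclass
class Finding:
    name: str       # registry value name shown in [brackets]
    path: str       # executable/DLL the entry actually launches
    reasons: list   # which heuristics fired


def target_path(cmd: str) -> str:
    """Extract the launched file from an O4 command string, quoted or not."""
    cmd = cmd.strip()
    m = EXT_RE.match(cmd)
    if not m:
        return cmd
    path = m.group("path")
    # For rundll32 entries the file of interest is the DLL argument, not rundll32.
    if path.lower().endswith("rundll32.exe"):
        m2 = EXT_RE.match(cmd[m.end():].lstrip())
        return m2.group("path") if m2 else cmd
    return path


def triage_o4(log_text: str) -> list:
    """Return the O4 entries that match at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        path = target_path(cmd)
        reasons = []
        if PROFILE_DIR_RE.search(path):
            reasons.append("target runs from a user-profile data directory")
        if PLAIN_WORDS_RE.match(name):
            reasons.append("value name is a string of plain words, not a product name")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


def flagged_names(log_text: str) -> list:
    """Convenience: just the value names worth a closer look."""
    return [f.name for f in triage_o4(log_text)]


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

On the sample, the script shortlists exactly the two entries jgarcia put in the CFScript, each hitting both heuristics, while the NVIDIA, Nero, ESET and Messenger entries in Program Files and system32 pass untouched. The heuristics deliberately stay coarse: a legitimate product with a two-word name would also be listed, which is why the output is a review queue for a human and not a removal list.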

Hey JGARCIA...

here's the log...

 

 

ComboFix 08-05-11.1 - annibal amaral 2008-05-14 10:54:20.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1808 [GMT -3:00]

Executando de: C:\Documents and Settings\annibal amaral\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\annibal amaral\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\docume~1\anniba~1\dadosd~1\funkbo~1\Memo 01 Meow.exe

C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe

C:\WINDOWS\_RegDLL.tmp

C:\WINDOWS\nod32fixtemdono.reg

C:\WINDOWS\Tasks\AF7443049193F4F4.job

C:\WINDOWS\SoftwareDistribution :#:

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\13baba1c835e44418a1e8bc2

C:\13baba1c835e44418a1e8bc2\update\update.exe

C:\13baba1c835e44418a1e8bc2\update\wpdinstallutil.dll

C:\9e03e2b3159fdfb697814839be4199

C:\9e03e2b3159fdfb697814839be4199\update\update.exe

C:\9e03e2b3159fdfb697814839be4199\update\wudfcustom.dll

C:\Arquivos de programas\funk bore setup

c:\docume~1\anniba~1\dadosd~1\funkbo~1\Memo 01 Meow.exe

C:\DOCUME~1\ANNIBA~1\DADOSD~1\FUNKBO~1\procfree.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat

C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\bat byte.exe

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup\0

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup\Memo 01 Meow.exe

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup\procfree.exe

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup\rxwsrpdy.exe

C:\Documents and Settings\annibal amaral\Dados de aplicativos\funk bore setup\Third chic hold win.exe

C:\WINDOWS\_RegDLL.tmp

C:\WINDOWS\nod32fixtemdono.reg

C:\WINDOWS\Tasks\AF7443049193F4F4.job

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))

.

 

2008-05-12 17:50 . 2008-05-12 17:50 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-11 18:48 . 2008-05-11 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-05-10 18:57 . 2008-05-11 11:48 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-05-10 18:40 . 2008-05-10 18:40 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-10 18:11 . 2008-05-10 18:11 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-05-10 18:11 . 2008-05-10 18:11 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-05-09 16:50 . 2008-05-09 16:50 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-05-09 16:49 . 2008-05-09 16:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-09 16:49 . 2008-05-10 18:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-09 16:24 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-05-09 16:24 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-05-09 16:20 . 2008-05-09 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-05-08 22:54 . 2008-05-08 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-05-08 22:54 . 2008-05-08 22:54 <DIR> d-------- C:\Arquivos de programas\ESET

2008-05-04 15:39 . 2008-05-11 00:02 <DIR> d-------- C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-05-04 15:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-04 13:29 . 2008-05-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-04 13:24 . 2008-05-04 15:37 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\AVGTOOLBAR

2008-05-04 12:50 . 2008-05-04 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-05-03 11:46 . 2008-05-03 11:46 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-05-03 11:46 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-03 11:46 . 2008-05-03 11:46 421 --a------ C:\WINDOWS\ODBC.INI

2008-05-03 11:45 . 2008-05-03 11:46 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-05-03 11:21 . 2008-05-03 11:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-02 13:35 . 2008-05-05 20:10 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-02 13:20 . 2008-05-10 18:58 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-01 23:47 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Norton Internet Security

2008-05-01 23:31 . 2008-05-01 23:46 <DIR> d-------- C:\Arquivos de programas\NTFS Undelete

2008-05-01 22:39 . 2008-05-01 22:39 268 --ah----- C:\sqmdata03.sqm

2008-05-01 22:39 . 2008-05-01 22:39 244 --ah----- C:\sqmnoopt03.sqm

2008-05-01 22:35 . 2008-05-01 22:35 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\Ahead

2008-05-01 22:33 . 2008-05-01 22:33 268 --ah----- C:\sqmdata02.sqm

2008-05-01 22:33 . 2008-05-01 22:33 244 --ah----- C:\sqmnoopt02.sqm

2008-05-01 19:22 . 2008-05-01 19:22 268 --ah----- C:\sqmdata01.sqm

2008-05-01 19:22 . 2008-05-01 19:22 244 --ah----- C:\sqmnoopt01.sqm

2008-05-01 18:52 . 2008-05-01 22:35 16 --a------ C:\WINDOWS\system32\coh.cache

2008-05-01 18:40 . 2008-05-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-05-01 18:39 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-05-01 18:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-01 18:33 . 2008-05-01 18:33 268 --ah----- C:\sqmdata00.sqm

2008-05-01 18:33 . 2008-05-01 18:33 244 --ah----- C:\sqmnoopt00.sqm

2008-05-01 17:43 . 2008-05-14 10:40 <DIR> d-------- C:\Arquivos de programas\Steam

2008-05-01 17:27 . 2008-05-01 17:27 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-05-01 17:22 . 2008-05-01 23:47 <DIR> d-------- C:\Documents and Settings\annibal amaral\Contacts

2008-05-01 15:37 . 2008-05-01 23:48 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-05-01 15:24 . 2008-05-01 15:24 <DIR> d-------- C:\Documents and Settings\annibal amaral\Dados de aplicativos\CyberLink

2008-05-01 15:19 . 2008-05-03 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-01 15:19 . 2008-05-01 15:35 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-05-01 15:19 . 2008-05-03 11:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-01 15:16 . 2008-05-01 21:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-05-01 15:14 . 2005-04-20 08:32 2,916,352 --------- C:\WINDOWS\UNNMP.exe

2008-05-01 15:14 . 2005-10-24 11:55 49,870 --------- C:\WINDOWS\UNNMP.cfg

2008-05-01 15:13 . 2008-05-01 15:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-05-01 15:13 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-05-01 15:12 . 2008-05-01 15:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-01 15:12 . 2008-05-01 15:14 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-05-01 15:12 . 2005-09-07 13:08 3,006,464 --------- C:\WINDOWS\UNNeroVision.exe

2008-05-01 15:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-05-01 15:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-05-01 15:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-05-01 15:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2008-05-01 15:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-05-01 15:12 . 2005-10-24 11:55 209,791 --------- C:\WINDOWS\UNNeroVision.cfg

2008-05-01 15:12 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-05-01 15:12 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-05-01 15:12 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-05-01 15:09 . 2008-05-01 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-05-01 15:09 . 2008-05-01 15:09 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-05-01 15:04 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-01 15:04 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-01 15:04 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-01 15:04 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-01 15:04 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-01 15:00 . 2008-05-01 15:00 <DIR> d---s---- C:\Documents and Settings\annibal amaral\UserData

2008-05-01 15:00 . 2008-05-01 15:00 2,403,344 --a------ C:\Arquivos de programas\WLinstaller.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 01:43 --------- d-----w C:\Arquivos de programas\Realtek

2008-05-01 18:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-01 18:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-05-01 17:30 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:24 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-05-01 17:24 --------- d-----w C:\Arquivos de programas\Intel

2008-05-01 17:16 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-01 17:15 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-01 17:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-12_17.51.17,57 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-12 19:22:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-14 13:49:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Steam"="c:\arquivos de programas\steam\steam.exe" [2008-05-02 08:07 1271032]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008]

"nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 14:07 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 05:08 16380416 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 05:45 1826816 C:\WINDOWS\SkyTel.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-14 02:20:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-14 10:55:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-14 10:56:35

ComboFix-quarantined-files.txt 2008-05-14 13:56:32

ComboFix2.txt 2008-05-12 20:51:24

 

Pre-Run: 303,775,748,096 bytes disponíveis

Post-Run: 303,793,446,912 bytes disponíveis

 

183

 

regards... :grin:
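Reading a ComboFix log like the one posted above by hand is slow, so here is a small Python triage script. It is an added example, not part of this thread and not a ComboFix component; it parses a constructed excerpt that follows the same layout as the posted log (registry load points, the firewall policy key and the driver/service lines), and the "updater" Run value in that excerpt is an invented placeholder. It flags the items a responder would verify first: the Windows Firewall being disabled, autostart entries launched from user-writable directories, and driver entries for which ComboFix recorded no file timestamp or size.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool)."""
import re

# Constructed excerpt following the layout of the log posted in this thread.
# The "updater" Run value is invented for illustration; it was not in the log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 14:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 14:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"updater"="C:\Documents and Settings\user\Dados de aplicativos\example\updater.exe" [2008-05-01 12:00 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []
'''

# "name"="value" [timestamp size [resolved path]]  -- the bracket is empty when
# ComboFix recorded no file metadata (typically the file was not on disk).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Sx/Rx name;display name;path [timestamp] -- driver and service entries.
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);'
                     r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# Locations an ordinary user can write to; autostarts here deserve a second look.
USER_DIRS = ('\\documents and settings\\', '\\dados de aplicativos\\',
             '\\application data\\', '\\local settings\\', '\\temp\\')


def parse_log(text):
    """Extract Run values, driver/service lines and the firewall flag."""
    run, services, firewall, current_key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]            # registry key header
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.endswith('\\Run'):
            meta = m.group('meta').split()
            # A fourth field is the path ComboFix resolved for a bare file name.
            path = ' '.join(meta[3:]) if len(meta) > 3 else m.group('value')
            run.append({'key': current_key, 'name': m.group('name'),
                        'path': path, 'has_file_info': bool(meta)})
            continue
        m = SERVICE.match(line)
        if m:
            services.append({'name': m.group('name'), 'start': m.group('start'),
                             'path': m.group('path'),
                             'has_file_info': bool(m.group('meta').strip())})
            continue
        m = FIREWALL.match(line)
        if m:
            firewall = int(m.group('value'))
    return {'run': run, 'services': services, 'firewall': firewall}


def triage(parsed):
    """Return human-readable findings a responder should verify by hand."""
    findings = []
    if parsed['firewall'] == 0:
        findings.append('Windows Firewall is off in the standard profile (EnableFirewall=0)')
    for e in parsed['run']:
        if not e['has_file_info']:
            findings.append(f"Run value {e['name']!r}: no file metadata recorded for {e['path']}")
        elif any(d in e['path'].lower() for d in USER_DIRS):
            findings.append(f"Run value {e['name']!r} starts from a user-writable path: {e['path']}")
    for s in parsed['services']:
        if not s['has_file_info']:
            findings.append(f"{s['start']} driver/service {s['name']!r}: "
                            f"no file timestamp recorded for {s['path']}")
    return findings


if __name__ == '__main__':
    for finding in triage(parse_log(SAMPLE_LOG)):
        print('-', finding)
```

Run against the log actually posted in this thread, the same two checks would fire on the `"EnableFirewall"= 0 (0x0)` line and on the `S3 XDva134` driver whose bracket is empty; the user-writable-path check exists because the files ComboFix removed earlier in the thread lived under the user's "Dados de aplicativos" directory, which is exactly where such a rule would have caught a matching Run value.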


Hey calculista,

 

Follow the instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and paste (Ctrl + V) all the text included in the "Quote":

File::

C:\WINDOWS\bootstat.dat

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine could cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
(image: CFScript.txt being dragged onto ComboFix.exe)

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Regards.

hey jgarcia..

do I run this procedure in safe mode..?

or normal...?

 

regards...

You can run it in Normal Mode or in Safe Mode. It's up to you. :thumbsup:


Topic Archived

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
