
This topic has been archived and is closed to new replies.

hgb7

[Solved!] RavMovE, how to remove it?


Salut ^^

 

No matter how many times I remove it manually, it always comes back... has anyone else caught it and has any suggestions, please...

 

Jaa ne


Good morning! hgb7

>@< Download HijackThis.

>@< Save it to Local Disk C: and create a dedicated folder for the program.

>@< For example: < C:\HijackThis.exe > or < C:\HijackThis\HijackThis.exe >

>@< But do not run it yet!

>@< So that the HijackThis log comes out complete, go to Start >> Run.

>@< Type: msconfig >> OK.

>@< In the window that opens, select: Normal Startup - Load all device drivers and services

>@< Click Apply >> OK.

>@< Restart the computer!

>@< Open HijackThis and click Do a system scan and save a logfile.

>@< A Notepad window will open!

>@< Select and copy its contents into this topic. Do not create another one!

Regards!


Ni Hao DigRam ^^

 

I confess I don't like logs... XD, but let's go!

 

Logfile of HijackThis v1.99.1

Scan saved at 08:36:43, on 31/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

D:\WINDOWS\system32\svchost.exe

D:\ARQUIV~1\AVG\AVG8\avgemc.exe

D:\WINDOWS\Explorer.EXE

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

D:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

D:\Arquivos de programas\Winamp\winampa.exe

D:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis.exe\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMax] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [intelliPoint] "D:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "D:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [soundMax] "D:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Orb] "D:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

thanks...


Good morning! hgb7

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". (General protection of system settings)

-------------------------

<@> Download ComboFix.

<@> Save it to the Desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

PS: If any error message appears, run ComboFix in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue and press < Enter >

<@> Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

-------------------------

<@> Post the report: D:\ComboFix.txt, in your reply.

Regards!


Sorry for the joke, but you're not a bot, are you? hehehe

 

ComboFix 08-07-30.02 - henrique 2008-07-31 9:12:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.510 [GMT -3:00]

Executando de: D:\Documents and Settings\henrique\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\101.gif

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\102.gif

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\103.gif

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\104.gif

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\105.gif

D:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\106.gif

D:\WINDOWS\161491561.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))

.

 

2008-07-24 08:58 . 2008-07-01 15:42 <DIR> d-------- D:\Documents and Settings\convidado\UserData

2008-07-24 08:58 . 2008-07-11 08:57 <DIR> d-------- D:\Documents and Settings\convidado\Dados de aplicativos\AVG7

2008-07-24 08:58 . 2008-07-09 13:49 <DIR> d-------- D:\Documents and Settings\convidado\Contacts

2008-07-24 08:57 . 2008-07-24 08:57 268 --ah----- D:\sqmdata11.sqm

2008-07-24 08:57 . 2008-07-24 08:57 244 --ah----- D:\sqmnoopt11.sqm

2008-07-22 13:25 . 2008-07-22 13:25 19 --a------ D:\WINDOWS\joke.INI

2008-07-21 08:45 . 2008-07-21 08:48 <DIR> d-------- D:\cygwin

2008-07-18 16:41 . 2008-07-07 16:23 <DIR> d-------- D:\Documents and Settings\junior\Dados de aplicativos\AdobeUM

2008-07-18 15:58 . 2008-07-18 15:58 <DIR> d--h----- D:\WINDOWS\PIF

2008-07-18 09:40 . 2008-07-18 09:40 <DIR> d-------- D:\Arquivos de programas\telnet

2008-07-18 09:40 . 2000-09-24 21:54 69,632 --a------ D:\WINDOWS\system32\GkSui18.EXE

2008-07-14 08:05 . 2008-07-14 08:05 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-14 08:05 . 2008-07-14 08:05 <DIR> d-------- D:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-14 08:05 . 2008-07-14 08:05 <DIR> d-------- D:\Arquivos de programas\QuickTime

2008-07-14 08:05 . 2008-07-14 08:05 <DIR> d-------- D:\Arquivos de programas\Apple Software Update

2008-07-11 15:49 . 2008-07-11 15:49 <DIR> d-------- D:\Arquivos de programas\ASCII

2008-07-11 15:49 . 2001-04-11 02:47 80,384 --a------ D:\WINDOWS\gamedelete.exe

2008-07-11 15:07 . 2008-07-14 08:15 743 --a------ D:\WINDOWS\cncscore.ini

2008-07-09 16:44 . 2008-07-09 16:18 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys

2008-07-09 16:17 . 2008-07-09 16:51 <DIR> d--h----- D:\Documents and Settings\henrique\.housecall6.6

2008-07-09 13:30 . 2001-09-05 23:27 18,176 --a------ D:\WINDOWS\system32\drivers\sermouse.sys

2008-07-09 11:43 . 2008-07-09 11:43 <DIR> d-------- D:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-07-09 11:41 . 2008-07-09 11:41 <DIR> d-------- D:\WINDOWS\SQLTools9_KB948109_ENU

2008-07-09 11:39 . 2008-07-09 11:39 <DIR> d-------- D:\WINDOWS\SQL9_KB948109_ENU

2008-07-09 11:37 . 2008-07-09 11:37 <DIR> d-------- D:\Arquivos de programas\MSXML 4.0

2008-07-09 10:17 . 2008-07-09 10:17 <DIR> d-------- D:\Arquivos de programas\AIDA32 - Enterprise System Information

2008-07-08 16:16 . 2008-06-14 14:59 272,384 --------- D:\WINDOWS\system32\drivers\bthport.sys

2008-07-08 16:16 . 2008-06-14 14:59 272,384 --------- D:\WINDOWS\system32\dllcache\bthport.sys

2008-07-08 16:10 . 2008-05-08 09:28 202,752 --------- D:\WINDOWS\system32\dllcache\rmcast.sys

2008-07-08 16:09 . 2006-12-07 02:29 2,374,472 --------- D:\WINDOWS\system32\dllcache\wmvcore.dll

2008-07-08 16:08 . 2007-07-09 10:09 584,192 --------- D:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-07-08 15:15 . 2008-07-09 11:46 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2008-07-04 16:12 . 2008-07-04 16:12 <DIR> d-------- D:\Arquivos de programas\LeechFTP

2008-07-04 16:12 . 1998-07-08 17:30 18,944 --a------ D:\WINDOWS\eraser.exe

2008-07-04 11:17 . 2008-07-04 11:19 <DIR> d-------- D:\WINDOWS\NV22923852.TMP

2008-07-04 11:13 . 2008-07-04 11:13 <DIR> d-------- D:\Arquivos de programas\Microsoft IntelliPoint 5.2

2008-07-04 11:13 . 2008-07-04 11:13 <DIR> d-------- D:\Arquivos de programas\Microsoft IntelliPoint

2008-07-04 11:07 . 2008-07-15 08:01 <DIR> d-------- D:\Arquivos de programas\RadarSync

2008-07-04 10:48 . 2008-07-04 10:48 <DIR> d-------- D:\Arquivos de programas\Unlocker

2008-06-30 08:22 . 2008-06-30 11:56 943 --a------ D:\WINDOWS\CNC.INI

2008-06-27 15:53 . 2008-06-27 15:53 <DIR> d-------- D:\Arquivos de programas\Innovative Solutions

2008-06-24 13:15 . 2008-06-24 13:15 58 --a------ D:\WINDOWS\my.ini

2008-06-23 13:41 . 2008-06-24 08:03 893 --a------ D:\WINDOWS\Printfil.ini

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\DvyP413.dll

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\161exp2.dll

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\161exp1.dll

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\161692562.dll

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\161692561.dll

2008-06-23 13:41 . 2007-02-10 12:10 0 --ah----- D:\WINDOWS\161491562.dll

2008-06-20 14:41 . 2008-06-20 14:41 247,808 --------- D:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 11:41 . 2008-06-20 11:42 <DIR> d-------- D:\Documents and Settings\henrique\Dados de aplicativos\Winamp

2008-06-20 07:45 . 2008-06-20 07:45 360,320 --------- D:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 07:44 . 2008-06-20 07:44 138,368 --------- D:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 06:52 . 2008-06-20 06:52 225,920 --------- D:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-18 09:21 . 2008-06-18 09:21 45,056 --a------ D:\WINDOWS\NCUNINST.EXE

2008-06-18 09:18 . 2008-06-18 09:18 <DIR> d-------- D:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-06-17 10:00 . 2007-10-30 07:45 <DIR> d-------- D:\Documents and Settings\joseane\Modelos

2008-06-17 10:00 . 2008-06-17 10:01 <DIR> d-------- D:\Documents and Settings\joseane\Meus documentos

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\joseane\Menu Iniciar

2008-06-17 10:00 . 2008-06-17 10:01 <DIR> d-------- D:\Documents and Settings\joseane\Favoritos

2008-06-17 10:00 . 2008-06-17 10:01 <DIR> d-------- D:\Documents and Settings\joseane\Dados de aplicativos

2008-06-17 10:00 . 2008-07-31 09:14 <DIR> d--h----- D:\Documents and Settings\joseane\Configurações locais

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\joseane\Ambiente de rede

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\joseane\Ambiente de impressão

2008-06-17 10:00 . 2008-06-17 10:00 <DIR> d-------- D:\Documents and Settings\joseane

2008-06-17 10:00 . 2007-10-30 07:45 <DIR> d-------- D:\Documents and Settings\convidado\Modelos

2008-06-17 10:00 . 2008-07-09 13:50 <DIR> d-------- D:\Documents and Settings\convidado\Meus documentos

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\convidado\Menu Iniciar

2008-06-17 10:00 . 2008-07-24 08:58 <DIR> d-------- D:\Documents and Settings\convidado\Favoritos

2008-06-17 10:00 . 2008-07-07 09:00 <DIR> d-------- D:\Documents and Settings\convidado\Dados de aplicativos

2008-06-17 10:00 . 2008-07-31 09:14 <DIR> d--h----- D:\Documents and Settings\convidado\Configurações locais

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\convidado\Ambiente de rede

2008-06-17 10:00 . 2007-10-30 05:42 <DIR> d-------- D:\Documents and Settings\convidado\Ambiente de impressão

2008-06-17 10:00 . 2008-07-24 08:58 <DIR> d-------- D:\Documents and Settings\convidado

2008-06-12 12:08 . 2008-06-12 12:08 268 --ah----- D:\sqmdata10.sqm

2008-06-12 12:08 . 2008-06-12 12:08 244 --ah----- D:\sqmnoopt10.sqm

2008-06-10 16:01 . 2008-05-26 16:12 <DIR> d-------- D:\Documents and Settings\junior\Dados de aplicativos\AVG7

2008-06-05 08:28 . 2008-06-05 08:28 833,536 --a------ D:\WINDOWS\EBSRel.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-09 14:41 --------- d-----w D:\Arquivos de programas\Microsoft SQL Server

2008-07-04 14:12 --------- d-----w D:\Arquivos de programas\Google

2008-07-03 19:59 96,520 ----a-w D:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-03 19:59 76,040 ----a-w D:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-03 19:59 10,520 ----a-w D:\WINDOWS\system32\avgrsstx.dll

2008-06-26 18:49 --------- d-----w D:\Arquivos de programas\Notepad++

2008-06-20 17:41 247,808 ----a-w D:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 148,992 ----a-w D:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-30 12:17 --------- d-----w D:\Documents and Settings\henrique\Dados de aplicativos\CyberLink

2008-05-30 12:17 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-05-30 12:16 --------- d--h--w D:\Arquivos de programas\InstallShield Installation Information

2008-05-30 12:16 --------- d-----w D:\Arquivos de programas\CyberLink DVD Solution

2008-05-30 12:16 --------- d-----w D:\Arquivos de programas\CyberLink

2008-05-29 12:16 --------- d-----w D:\Arquivos de programas\nLite

2008-05-28 18:57 --------- d-----w D:\Arquivos de programas\RealVNC

2008-05-28 17:17 --------- d-----w D:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-05-28 17:17 --------- d-----w D:\Arquivos de programas\AVG

2008-05-13 19:21 691,545 ----a-w D:\WINDOWS\unins000.exe

2008-05-07 05:15 1,292,288 ------w D:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,292,288 ------w D:\WINDOWS\system32\dllcache\quartz.dll

2008-04-17 10:52 18,432 ------w D:\WINDOWS\system32\dllcache\iedw.exe

2004-10-01 18:00 40,960 ----a-w D:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"SoundMax"="D:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]

"msnmsgr"="D:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 16:03 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-09-20 16:25 7680000]

"AVG8_TRAY"="D:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-03 16:59 1232152]

"RemoteControl"="D:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"IntelliPoint"="D:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-09-20 16:25 86016]

"QuickTime Task"="D:\Arquivos de programas\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"WinampAgent"="D:\Arquivos de programas\Winamp\winampa.exe" [2007-10-10 02:28 36352]

"SoundMAXPnP"="D:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-21 06:11 925696]

"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"nwiz"="nwiz.exe" [2006-09-20 16:25 1617920 D:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 D:\WINDOWS\system32\HdAShCut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

 

D:\Documents and Settings\junior\Menu Iniciar\Programas\Inicializar\

Gerenciador do HotSync.lnk - \\Rpublicas_01\d$\Arquivos de programas\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"vidc.mpg4"= D:\WINDOWS\mpg4c32.dll

"vidc.mpg2"= D:\WINDOWS\mpg4c32.dll

"vidc.mpg3"= D:\WINDOWS\mpg4c32.dll

"vidc.GEOX"= D:\WINDOWS\system32\GeoCodec.dll

"vidc.GEOV"= D:\WINDOWS\system32\GeoCodec.dll

"vidc.G264"= D:\WINDOWS\system32\GX264.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"D:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"D:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=

"C:\\xampp\\apache\\bin\\apache.exe"=

"C:\\xampp\\mysql\\bin\\mysqld.exe"=

"D:\\Arquivos de programas\\LeechFTP\\Leechftp.exe"=

"D:\\WINDOWS\\system32\\dpvsetup.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;D:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 16:59]

R2 avg8emc;AVG8 E-mail Scanner;D:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-03 16:59]

R2 avg8wd;AVG8 WatchDog;D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 14:17]

R2 AvgTdiX;AVG8 Network Redirector;D:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 16:59]

S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-06-21 17:55]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-Orb - D:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

HKCU-Run-DriverMax - (no file)

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - D:\Documents and Settings\henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\7a4ppgxx.default\

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjava11.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjava12.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjava13.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjava14.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjava32.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

FF -: plugin - D:\Arquivos de programas\Java\jre1.6.0_02\bin\npoji610.dll

FF -: plugin - D:\WINDOWS\Microsoft.NET\Framework\v3.5\WPF\NPWPF.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 09:14:19

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-31 9:14:55

ComboFix-quarantined-files.txt 2008-07-31 12:14:52

 

Pre-Run: 11 pasta(s) 18,003,623,936 bytes disponíveis

Post-Run: 14 pasta(s) 19,563,683,840 bytes disponíveis

 

218 --- E O F --- 2008-07-10 18:20:52

 

 

Thanks, my friend


Good morning! hgb7

<@> In Run, type: ComboFix.exe /u --> Click: OK

<@> At the prompt, choose two. (2) >> Wait for the uninstall to finish!

-----------------------

<!> Does your problem still persist?

<!> Because the logs are clean!

Regards!


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
