
Archived

This topic has been archived and is closed to further replies.

Nemesys

[Solved!] Virtumonde

Recommended Posts

Folks, Spybot here at home is flagging something called Virtumonde and its DLLs. I've already had it removed, removed it from the registry and followed every step SD gives, but every time I run a scan it shows up again. How do I get rid of this?

 

Thanks.

 

 

HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:19:04, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\BitLord\BitLord.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Caco\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: qalkfxor - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - C:\WINDOWS\qalkfxor.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll

O21 - SSODL: pdoskegl - {7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

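As an added example (not part of the original thread, nor of HijackThis or Spybot), the following Python script applies the same reading a helper gives the log above: it flags the O20 AppInit_DLLs entries, the "(file missing)" references at shell load points, and random-looking DLL names sitting directly in the Windows directory, while leaving vendor entries alone. The name heuristic and the directory check are my own assumptions, not HijackThis rules; the sample lines are copied from the posted log.

```python
"""Triage of HijackThis log lines for the load points Vundo/Virtumonde abused.

Added example for this thread; it is not part of HijackThis, Spybot or the
original posts. SAMPLE_LOG is a constructed subset of the log posted above,
including two benign entries so the scorer is seen to leave them alone.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str    # HijackThis section code ("O3", "O20", "O21", ...)
    target: str     # file name the entry points at
    reason: str
    severity: str   # "high" or "medium"


LINE_RE = re.compile(r"^(O\d+|R\d+) - (.*)$")
# Assumption: only files directly in %WINDIR% or %WINDIR%\system32 get the
# name heuristic; vendor folders under Program Files are left alone.
WIN_DIR_RE = re.compile(r"^[a-z]:\\windows(\\system32)?$")
MISSING = "(file missing)"
VOWELS = set("aeiou")

# Lines copied from the HijackThis log in the thread (constructed sample set).
SAMPLE_LOG = r"""
O3 - Toolbar: qalkfxor - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - C:\WINDOWS\qalkfxor.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O21 - SSODL: pdoskegl - {7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def looks_random(filename: str) -> bool:
    """Name heuristic (assumption): 6-10 lowercase letters, no digits, under 30% vowels.

    Matches 'ilwmmh', 'gsgxpz', 'pdoskegl' and 'qalkfxor' from the log. It is
    only applied together with the directory check, because on its own it
    would also trip on legitimate names such as 'NavShExt'.
    """
    stem = filename.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{6,10}", stem):
        return False
    return sum(ch in VOWELS for ch in stem) / len(stem) < 0.3


def split_path(body: str) -> tuple[str, str, bool]:
    """Return (directory, file name, missing) from an O2/O3/O21 entry body."""
    missing = body.endswith(MISSING)
    path = body[: -len(MISSING)].strip() if missing else body
    path = path.rsplit(" - ", 1)[-1]          # last field is the file path
    directory, _, name = path.rpartition("\\")
    return directory, name, missing


def triage_line(line: str) -> list[Finding]:
    """Findings for one HijackThis line; an empty list means nothing to flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    findings: list[Finding] = []

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # Every DLL named here is loaded into each process that maps
        # user32.dll, which is why Vundo used it; on a clean XP install the
        # value is empty, so any entry deserves a look.
        for dll in body.split(":", 1)[1].split():
            reason = "loaded into every process via AppInit_DLLs"
            if looks_random(dll):
                reason += "; random-looking name"
            findings.append(Finding(section, dll, reason, "high"))
        return findings

    if section in ("O2", "O3", "O21"):        # BHO, toolbar, SSODL
        directory, name, missing = split_path(body)
        if missing:
            findings.append(Finding(section, name,
                "load point references a file that is no longer on disk", "medium"))
        if WIN_DIR_RE.match(directory.lower()) and looks_random(name):
            findings.append(Finding(section, name,
                "random-looking DLL name directly in the Windows directory", "high"))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over a whole log and return all findings in order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.target:14} {f.reason}")
```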

Good afternoon, Nemesys!

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Untick the option: Enable Resident "TeaTimer". (General protection of system settings)

--------------------------

<@> Download ComboFix.exe.

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue! >> Enter

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

----------------------

<@> Post the reports: C:\ComboFix.txt + an updated HJT log.

Cheers!


ComboFix log:

 

ComboFix 08-08-27.06 - Caco 2008-08-28 13:59:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1592 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\PCHealthCenter

C:\Arquivos de programas\PCHealthCenter\0.exe

C:\Arquivos de programas\PCHealthCenter\0.gif

C:\Arquivos de programas\PCHealthCenter\1.exe

C:\Arquivos de programas\PCHealthCenter\1.gif

C:\Arquivos de programas\PCHealthCenter\1.ico

C:\Arquivos de programas\PCHealthCenter\2.exe

C:\Arquivos de programas\PCHealthCenter\2.gif

C:\Arquivos de programas\PCHealthCenter\2.ico

C:\Arquivos de programas\PCHealthCenter\3.exe

C:\Arquivos de programas\PCHealthCenter\3.gif

C:\Arquivos de programas\PCHealthCenter\4.exe

C:\Arquivos de programas\PCHealthCenter\5.exe

C:\Arquivos de programas\PCHealthCenter\7.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827080630718.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827082420796.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827191709875.log

C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827193146140.log

C:\Documents and Settings\Caco\Dados de aplicativos\Adobe\crc.dat

C:\update.exe

C:\WINDOWS\system32\AdggQXbc.ini

C:\WINDOWS\system32\AdggQXbc.ini2

C:\WINDOWS\system32\cbXPggGV.dll

C:\WINDOWS\system32\cbXQggdA.dll

C:\WINDOWS\system32\efcAPgfc.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\mmx31236.dll

C:\WINDOWS\system32\mx31236.dll

C:\WINDOWS\system32\ofudcawn.dll

C:\WINDOWS\system32\sjscwceg.ini

C:\WINDOWS\system32\tcbgscox.ini

C:\WINDOWS\system32\wigaqsme.dll

 

----- BITS: Sites possivelmente infetados -----

 

http://hqsextube08.com

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-28 09:00 . 2008-08-28 10:58 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-08-28 08:59 . 2008-08-28 13:39 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll

2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA

2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 09:11 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-27 23:54 <DIR> d-------- C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 11:30 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ilwmmh.dll gsgxpz.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

--a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

--a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

 

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

- C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

- - - - ORFAOS REMOVIDOS - - - -

 

SSODL-pdoskegl-{7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll

MSConfigStartUp-Run - C:\Documents and Settings\Caco\Dados de aplicativos\Adobe\Manager.exe

MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe

MSConfigStartUp-Waiting1690 - C:\Windows\stid1690.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 14:04:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCSETMGR.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\Arquivos de programas\LogMeIn\x86\ramaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\NAVAPSVC.EXE

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCEVTMGR.EXE

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\taskmgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-28 14:17:39 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-28 18:17:36

 

Pre-Run: 7 pasta(s) 92,694,446,080 bytes disponíveis

Post-Run: 10 pasta(s) 92,661,202,944 bytes disponíveis

 

328

 

 

 

*****************

 

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:19:40, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Caco\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 

 

Thanks!


Good afternoon, Nemesys!

 

ATTENTION - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

<!> For the PC's safety, let's install the Recovery Console.

------------------------

<!> Go to the Microsoft site: < Link >

<!> Select the download that matches your operating system!

 

crecuperacaorz4.jpg

 

<!> Download the file and save it to your desktop.

<!> Close all open programs!

<!> Also close your protection programs! (Antivirus, antispyware and firewall)

<!> Drag the setup file downloaded from the Microsoft site onto ComboFix.exe.

<!> See the demonstration below!

 

RC1-4.gif

 

<!> Follow the on-screen messages to start ComboFix.

<!> Accept the license agreement to install the "Microsoft Recovery Console".

<!> At the next message, click "Yes" to run a scan with ComboFix.

 

RC_whatnext.gif

 

<!> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


ComboFix:

 

ComboFix 08-08-27.06 - Caco 2008-08-28 19:24:38.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1650 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

Command switches used :: C:\Documents and Settings\Caco\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\Caco\Configurações locais

2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-28 19:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-08-28 08:59 . 2008-08-28 15:07 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll

2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA

2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 09:11 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-28 14:29 <DIR> d-------- C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 14:06 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll

2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-28 18:36:58 3,262 ----a-r C:\WINDOWS\Installer\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}\nfs_icon.exe

+ 2007-01-08 19:30:42 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll

+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll

+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll

+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll

+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll

+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll

+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll

+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll

+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll

+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll

+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll

+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ilwmmh.dll gsgxpz.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

--a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

--a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

 

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

- C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 19:25:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-28 19:26:23

ComboFix-quarantined-files.txt 2008-08-28 23:26:21

ComboFix2.txt 2008-08-28 18:17:39

 

Pre-Run: 7 pasta(s) 80,287,977,472 bytes disponíveis

Post-Run: 11 pasta(s) 80,264,032,256 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8E7Q0V

 

286

 

 

 

HijackThis:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:29:18, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Documents and Settings\Caco\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


Good evening, Nemesys!

 

<!> Keep Spybot's TeaTimer protection disabled for now.

--------------------------

<@> Select and copy all the content between the XXXX lines into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\Arquivos de programas\MSA\MSA.exe

C:\WINDOWS\system32\MSA.cpl

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\Alcmtr.exe

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

Folder::

C:\Arquivos de programas\MSA

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

35j0br8.gif

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Drag it until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

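The CFScript above is essentially a list of registry values that had been flipped to weaken the machine's own defences (Security Center alerts muted, Symantec monitoring disabled, the firewall off, two unknown DLLs in AppInit_DLLs) and need to be set back. As an added example, not part of this thread and not code from the ComboFix or HijackThis authors, here is a small Python triage script that reads a ComboFix "Pontos de Carregamento do Registro" dump together with a HijackThis O20 line and flags exactly those indicators. The log excerpt embedded in it is constructed from the values seen in this thread; the key-header and value patterns it matches on are assumptions drawn from the log format shown here, not a specification of ComboFix's output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input (not a live system), modelled on the ComboFix
# REGEDIT4 dump and the HijackThis O20 line posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
"""

# Assumed line shapes, taken from the log as posted: "[key]" headers,
# "name"=value lines, and the HijackThis O20 AppInit_DLLs line.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")


def parse_dword(raw: str):
    """Return an int for 'dword:00000001' or '0 (0x0)' style values, else None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def parse_registry_dump(text: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Group "name"=value lines under their [key] header; collect DLLs from O20 lines."""
    keys: Dict[str, Dict[str, str]] = {}
    appinit: List[str] = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = O20_RE.match(line)
        if m:
            appinit.extend(m.group(1).split())
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys, appinit


def audit_loading_points(text: str) -> List[str]:
    """Flag settings that weaken the host's own defences, as seen in this thread's log."""
    keys, appinit = parse_registry_dump(text)
    findings: List[str] = []
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith("security center"):
            for name in ("AntiVirusDisableNotify", "UpdatesDisableNotify"):
                if parse_dword(values.get(name, "")) == 1:
                    findings.append(f"Security Center: {name}=1 (alerts suppressed)")
        elif "security center\\monitoring\\" in lk:
            if parse_dword(values.get("DisableMonitoring", "")) == 1:
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center: monitoring of {product} disabled")
        elif lk.endswith("firewallpolicy\\standardprofile"):
            if parse_dword(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall: EnableFirewall=0 (firewall off)")
        elif lk.endswith("globallyopenports\\list"):
            for port in values:
                findings.append(f"Windows Firewall: port {port} open to all")
    if appinit:
        # AppInit_DLLs is loaded by every process that maps user32.dll,
        # so unknown entries here deserve a look regardless of AV verdicts.
        findings.append("AppInit_DLLs loads into every GUI process: " + ", ".join(appinit))
    return findings


if __name__ == "__main__":
    for finding in audit_loading_points(SAMPLE_LOG):
        print("[!]", finding)
```

Run against the constructed excerpt it reports six findings: the two muted Security Center alerts, the disabled Symantec AntiVirus monitoring (SymantecFirewall, whose value is already 0 in the sample, is correctly skipped), the disabled firewall, the globally open 3389/TCP port, and the two AppInit_DLLs entries. Each of those corresponds to a line in the Registry:: section of the CFScript.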

ComboFix:

 

ComboFix 08-08-27.06 - Caco 2008-08-28 22:20:49.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1681 [GMT -4:00]

Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe

Command switches used :: C:\Documents and Settings\Caco\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\Arquivos de programas\MSA\MSA.exe

C:\WINDOWS\Alcmtr.exe

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\gsgxpz.dll

C:\WINDOWS\system32\ilwmmh.dll

C:\WINDOWS\system32\MSA.cpl

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\MSA

C:\Arquivos de programas\MSA\MSA.cpl

C:\Arquivos de programas\MSA\MSA.exe

C:\Arquivos de programas\MSA\msa0.dat

C:\Arquivos de programas\MSA\msa1.dat

C:\WINDOWS\Alcmtr.exe

C:\WINDOWS\system32\gecwcsjs.dll

C:\WINDOWS\system32\MSA.cpl

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))

.

 

2008-08-28 21:02 . 2008-08-28 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Symantec

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\Caco\Configurações locais

2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos

2008-08-28 08:59 . 2008-08-28 22:22 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede

2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão

2008-08-28 08:59 . 2008-08-28 15:07 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser

2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll

2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn

2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd

2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv

2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini

2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico

2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM

2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus

2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico

2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services

2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2

2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird

2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback

2008-08-26 22:11 . 2008-08-28 19:30 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird

2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe

2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007

2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems

2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems

2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade

2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 18:04 . 2008-08-28 21:08 <DIR> d-------- C:\Jogos

2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic

2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-08-24 00:29 . 2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord

2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools

2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts

2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache

2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative

2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl

2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl

2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm

2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest

2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative

2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys

2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview

2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-23 21:50 . 2008-08-28 20:57 88,723 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera

2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll

+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll

+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll

+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll

+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll

+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll

+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll

+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll

+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll

+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll

+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]

R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - APPMGMT

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

 

2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job

- C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 22:22:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-28 22:22:36

ComboFix-quarantined-files.txt 2008-08-29 02:22:34

ComboFix2.txt 2008-08-28 23:26:24

ComboFix3.txt 2008-08-28 18:17:39

 

Pre-Run: 8 pasta(s) 91,114,102,784 bytes disponíveis

Post-Run: 11 pasta(s) 91,103,571,968 bytes disponíveis

 

273

 

 

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:23:02, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Caco\Desktop\Segurança\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

thanks once again...


Good morning! Nemesys

 

<@> Go to this link and download:

 

< Malwarebytes >

 

<@> Update the program!

<@> Choose the complete scan! ( Full Scan )

<@> Disable protection programs while running Malwarebytes.

<@> Make sure to send the detected items to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the report: mbam-log-8-29-2008 (00-00-00).txt

 

Cheers!


Log:

 

 

Malwarebytes' Anti-Malware 1.25

Versão do banco de dados: 1094

Windows 5.1.2600 Service Pack 2

 

07:10:02 29/8/2008

mbam-log-08-29-2008 (07-10-02).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 61835

Tempo decorrido: 7 minute(s), 20 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 20

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\QooBox\Quarantine\C\WINDOWS\system32\cbXPggGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQggdA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\efcAPgfc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\gecwcsjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\gsgxpz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ilwmmh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ofudcawn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\wigaqsme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP43\A0002340.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003892.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003893.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003906.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP52\A0007075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

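As an added example (not code from this thread, from Malwarebytes or from any of its participants), a small Python parser for the mbam-log layout posted above: it cross-checks the summary counts against the lines actually listed and separates hits under C:\QooBox\Quarantine and System Volume Information (ComboFix quarantine copies and System Restore snapshots, which is where every one of the 20 file hits in the log above sits) from items in live locations. The sample log is a constructed excerpt, and its placeholder.dll line is a made-up live hit added for contrast.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes 1.x log layout used in this thread
# (paths shortened; the last file line is a made-up live hit for contrast).
SAMPLE_LOG = r"""
Chaves do Registro infectadas: 1
Arquivos infectados: 3
Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Arquivos infectados:
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXPggGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP52\A0007075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\placeholder.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "<item> (<family>) -> <action>." detection lines; "<Section>: N" summaries and
# "<Section>:" block headers use the Portuguese wording of this log (infectados/as).
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_RE = re.compile(r"^(?P<name>[^:\\]*infectad[ao]s):\s*(?P<count>\d+)?$", re.IGNORECASE)

# Hits under these paths are neutralised copies (quarantine, restore points), not loaded code.
INERT_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\_restore")

def parse_mbam_log(text):
    summary, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            if header["count"] is None:
                section = header["name"]  # start of a listing block
            else:
                summary[header["name"]] = int(header["count"])
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            item = hit["item"]
            detections.append({"section": section, "item": item, "family": hit["family"],
                               "action": hit["action"],
                               "inert": any(m in item.lower() for m in INERT_MARKERS)})
    return summary, detections

def triage(text):
    """Cross-check summary counts against listed lines; split live from inert hits."""
    summary, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    return {"families": Counter(d["family"] for d in detections),
            "live": [d["item"] for d in detections if not d["inert"]],
            "inert": sum(d["inert"] for d in detections),
            "mismatches": {n: (c, listed[n]) for n, c in summary.items() if c != listed[n]}}
```

Run against the full log in the post, `live` comes back with only the HKEY_CLASSES_ROOT key, which matches the helper's verdict that the logs are clean.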

Good morning! Nemesys

 

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message will appear: ComboFix uninstalled!

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

-------------------------

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze.

<@> Wait for it to finish!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK.

<@> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backups and click Save.

<@> In the window that appears, click: Fix All Selected Issues

<@> Click OK --> Close.

-------------------------

<!> The logs are clean!

<!> Good job! :thumbsup:

 

Cheers!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
