Nemesys, posted August 28, 2008

Guys, Spybot here at home is flagging something called virtumonde and its DLLs. I've already had it removed, removed it from the registry and followed all the steps SD gives, but every time I run a scan it reappears. How do I get rid of this? Thanks.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:19:04, on 28/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BitLord\BitLord.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\Caco\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: qalkfxor - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - C:\WINDOWS\qalkfxor.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O21 - SSODL: pdoskegl - {7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
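As an added example (not part of the original post), the Python script below does on paper what a helper does by eye on the HijackThis log above: it parses HJT-style "Oxx" lines and flags the persistence points Virtumonde used on this machine, namely an AppInit_DLLs value (O20) and SSODL (O21) or toolbar (O3) components with random-looking names, DLLs dropped directly under C:\WINDOWS, or files that are already missing. The sample lines are a subset copied from the log above; the random-name heuristic is the example's own assumption and is a triage hint, not a verdict.

```python
"""Triage of HijackThis-style log lines for the persistence points this
thread turns on: AppInit_DLLs (O20), SSODL (O21) and toolbars (O3)."""
import re

# Constructed sample: a subset of the entries quoted in the post above,
# plus a legitimate O4 and O23 line for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: qalkfxor - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O21 - SSODL: pdoskegl - {7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
""".strip()

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A DLL sitting directly in C:\WINDOWS rather than in a vendor folder.
WINDIR_DLL_RE = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example, not proof): 6-8 letters with
    few vowels, like the ilwmmh / gsgxpz / pdoskegl names in the log."""
    name = name.lower()
    if not (6 <= len(name) <= 8 and name.isalpha()):
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels * 3 <= len(name)


def triage_line(line: str) -> list:
    """Return the reasons one HJT line deserves a closer look ([] if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group(1), m.group(2)
    reasons = []
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            # Every DLL listed here is loaded into each user32-linked process,
            # so any non-empty value is worth checking.
            reasons.append("AppInit_DLLs entry: " + " ".join(dlls))
            if any(looks_random(d.rsplit(".", 1)[0]) for d in dlls):
                reasons.append("random-looking DLL name")
    elif kind in ("O3", "O21"):
        # "Toolbar: qalkfxor - {CLSID} - path" -> label "qalkfxor"
        label = body.split(" - ", 1)[0].split(": ", 1)[-1]
        if "(file missing)" in body:
            reasons.append("component registered but file missing")
        if looks_random(label):
            reasons.append(f"random-looking component name '{label}'")
        if WINDIR_DLL_RE.search(body):
            reasons.append("DLL placed directly under C:\\WINDOWS")
    return reasons


def triage_log(text: str) -> dict:
    """Map each flagged entry (keyed by its Oxx type and label) to its reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            key = " - ".join(line.strip().split(" - ", 2)[:2])
            flagged[key] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("   ", reason)
```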
DigRam, posted August 28, 2008

Good afternoon! Nemesys

<@> Open Spybot Search & Destroy!
<@> In the top menu, go to Mode and select the Advanced option. Confirm!
<@> Click the Tools button and then Resident.
<@> Uncheck the option: Enable Resident "TeaTimer". (General protection of system settings)
--------------------------
<@> Download ComboFix.exe.
<@> Save it to the Desktop!
<@> Disable the resident protections of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
If you get the notification: Invalid Win32 application, delete the tool and download it again. Save it to the desktop renamed as: Kombo.exe
PS: Name it while saving, not after you have saved it!
PS: If you get any error message, run ComboFix.exe in Safe Mode.
<@> The Auto Scan window will open. Wait!
<@> Type the option to continue! >> Enter
<@> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard!
<@> To stop or exit ComboFix, press "N".
----------------------
<@> Post the reports: C:\ComboFix.txt + updated HJT log.

Cheers!
Nemesys 0 Denunciar post Postado Agosto 28, 2008 Log do ComboFix: ComboFix 08-08-27.06 - Caco 2008-08-28 13:59:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1592 [GMT -4:00] Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe * Criado um novo ponto de restauro ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusäes ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Arquivos de programas\PCHealthCenter C:\Arquivos de programas\PCHealthCenter\0.exe C:\Arquivos de programas\PCHealthCenter\0.gif C:\Arquivos de programas\PCHealthCenter\1.exe C:\Arquivos de programas\PCHealthCenter\1.gif C:\Arquivos de programas\PCHealthCenter\1.ico C:\Arquivos de programas\PCHealthCenter\2.exe C:\Arquivos de programas\PCHealthCenter\2.gif C:\Arquivos de programas\PCHealthCenter\2.ico C:\Arquivos de programas\PCHealthCenter\3.exe C:\Arquivos de programas\PCHealthCenter\3.gif C:\Arquivos de programas\PCHealthCenter\4.exe C:\Arquivos de programas\PCHealthCenter\5.exe C:\Arquivos de programas\PCHealthCenter\7.exe C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827080630718.log C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827082420796.log C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827191709875.log C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\LOG\20080827193146140.log C:\Documents and 
Settings\Caco\Dados de aplicativos\Adobe\crc.dat C:\update.exe C:\WINDOWS\system32\AdggQXbc.ini C:\WINDOWS\system32\AdggQXbc.ini2 C:\WINDOWS\system32\cbXPggGV.dll C:\WINDOWS\system32\cbXQggdA.dll C:\WINDOWS\system32\efcAPgfc.dll C:\WINDOWS\system32\gsgxpz.dll C:\WINDOWS\system32\ilwmmh.dll C:\WINDOWS\system32\mmx31236.dll C:\WINDOWS\system32\mx31236.dll C:\WINDOWS\system32\ofudcawn.dll C:\WINDOWS\system32\sjscwceg.ini C:\WINDOWS\system32\tcbgscox.ini C:\WINDOWS\system32\wigaqsme.dll ----- BITS: Sites possivelmente infetados ----- http://hqsextube08.com . ((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))) . 2008-08-28 09:00 . 2008-08-28 10:58 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configura‡äes locais 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede 2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressÆo 2008-08-28 08:59 . 2008-08-28 13:39 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser 2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll 2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn 2008-08-28 00:09 . 
2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll 2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll 2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll 2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn 2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd 2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv 2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini 2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico 2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec 2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM 2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec 2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec 2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus 2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared 2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA 2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl 2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico 2008-08-27 08:06 . 
2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services 2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe 2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2 2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium 2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird 2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback 2008-08-26 22:11 . 2008-08-28 09:11 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird 2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest 2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software 2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software 2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007 2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard 2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead 2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead 2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2008-08-26 20:28 . 
2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems 2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems 2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade 2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype 2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype 2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype 2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype 2008-08-24 18:04 . 2008-08-27 23:54 <DIR> d-------- C:\Jogos 2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic 2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras 2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar 2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite 2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems 2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared 2008-08-24 00:29 . 
2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe 2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord 2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy 2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools 2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts 2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack 2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI 2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works 2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache 2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-08-23 22:07 . 
2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat 2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative 2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx 2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe 2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data 2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl 2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl 2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm 2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest 2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative 2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys 2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview 2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-08-23 21:50 . 2008-08-28 11:30 88,723 --a------ C:\WINDOWS\system32\nvapps.xml 2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera 2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData . ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield 2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek 2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel 2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage 2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line 2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços 2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll 2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows] "AppInit_DLLs"=ilwmmh.dll gsgxpz.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e] --a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] --a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus] --a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 
24-bit\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] --a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Conteúdo da pasta 'Tarefas Agendadas'
2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job
- C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]
.
- - - - ORFAOS REMOVIDOS - - - -

SSODL-pdoskegl-{7E97518F-E349-485F-8031-F9C2ACE5F5E2} - C:\WINDOWS\pdoskegl.dll
MSConfigStartUp-Run - C:\Documents and Settings\Caco\Dados de aplicativos\Adobe\Manager.exe
MSConfigStartUp-s9201 - C:\Documents and Settings\All Users\Dados de aplicativos\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
MSConfigStartUp-Waiting1690 - C:\Windows\stid1690.exe

.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\
FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 14:04:35
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCSETMGR.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Arquivos de programas\LogMeIn\x86\ramaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus\NAVAPSVC.EXE
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCEVTMGR.EXE
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-08-28 14:17:39 - Maquina reiniciou
ComboFix-quarantined-files.txt 2008-08-28 18:17:36

Pre-Run: 7 pasta(s) 92,694,446,080 bytes disponíveis
Post-Run: 10 pasta(s) 92,661,202,944 bytes disponíveis

328
*****************

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:19:40, on 28/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Caco\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks!
DigRam, posted August 28, 2008

Good afternoon, Nemesys!

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

<!> For the safety of the PC, we are going to install the Recovery Console.
------------------------
<!> Go to the Microsoft site: < Link >
<!> Select the download that matches your operating system!
<!> Download the file and save it to your desktop.
<!> Close every program that is open!
<!> Also close your protection programs! (antivirus, antispyware and firewall)
<!> Drag the setup downloaded from the Microsoft site onto ComboFix.exe.
<!> See the demonstration below!
<!> Follow the messages that appear on screen to start ComboFix.
<!> Accept the license agreement to install the "Microsoft Recovery Console".
<!> At the next message, click "Yes" to run a scan with ComboFix.
<!> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
Nemesys, posted August 28, 2008

ComboFix:

ComboFix 08-08-27.06 - Caco 2008-08-28 19:24:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1650 [GMT -4:00]
Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe
Command switches used :: C:\Documents and Settings\Caco\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
 * Criado um novo ponto de restauro

.
((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))
.

2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\Caco\Configurações locais
2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos
2008-08-28 08:59 . 2008-08-28 19:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão
2008-08-28 08:59 . 2008-08-28 15:07 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
2008-08-28 06:04 . 2008-08-28 06:04 103,552 --a------ C:\WINDOWS\system32\gecwcsjs.dll
2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn
2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd
2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv
2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini
2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec
2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM
2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec
2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus
2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d-------- C:\Arquivos de programas\MSA
2008-08-27 19:18 . 2008-08-26 17:23 167,424 --a------ C:\WINDOWS\system32\MSA.cpl
2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services
2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe
2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2
2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium
2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird
2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback
2008-08-26 22:11 . 2008-08-28 09:11 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird
2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest
2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software
2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007
2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead
2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems
2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems
2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade
2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2008-08-24 18:04 . 2008-08-28 14:29 <DIR> d-------- C:\Jogos
2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic
2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras
2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar
2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite
2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems
2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-08-24 00:29 . 2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord
2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools
2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts
2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack
2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI
2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache
2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative
2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data
2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl
2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl
2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm
2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest
2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative
2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys
2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview
2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-23 21:50 . 2008-08-28 14:06 88,723 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera
2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek
2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel
2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll

.
((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-28 18:36:58 3,262 ----a-r C:\WINDOWS\Installer\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}\nfs_icon.exe
+ 2007-01-08 19:30:42 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]
"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ilwmmh.dll gsgxpz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]
--a------ 2008-08-28 06:04 103552 C:\WINDOWS\system32\gecwcsjs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]
--a------ 2008-08-26 17:22 416768 C:\Arquivos de programas\MSA\MSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Conteúdo da pasta 'Tarefas Agendadas'
2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job
- C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]
.
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Caco\Dados de aplicativos\Mozilla\Firefox\Profiles\q8btqxig.default\
FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 19:25:52
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-08-28 19:26:23
ComboFix-quarantined-files.txt 2008-08-28 23:26:21
ComboFix2.txt 2008-08-28 18:17:39

Pre-Run: 7 pasta(s) 80,287,977,472 bytes disponíveis
Post-Run: 11 pasta(s) 80,264,032,256 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=8E7Q0V

286

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 19:29:18, on 28/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Caco\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe 
Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. 
- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144
Posted August 29, 2008

Good evening! Nemesys

<!> Keep Spybot's TeaTimer protection disabled for now.
--------------------------
<@> Select and copy all the content between the XXXX lines into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Arquivos de programas\MSA\MSA.exe
C:\WINDOWS\system32\MSA.cpl
C:\WINDOWS\system32\gecwcsjs.dll
C:\WINDOWS\system32\ilwmmh.dll
C:\WINDOWS\system32\gsgxpz.dll
C:\WINDOWS\Alcmtr.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2091865e]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Folder::
C:\Arquivos de programas\MSA
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Answer the prompt that should appear, to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
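As an added illustration of the triage the helper does by hand above (this is not code from the thread, from ComboFix or from HijackThis): a small Python script that reads HijackThis entries, flags the two patterns acted on in this thread (a populated O20 AppInit_DLLs value and an O3 toolbar whose DLL is already missing), and drafts the File:: and Registry:: sections of a CFScript in the same format. The sample log lines are constructed from this thread's own HijackThis output; resolving bare DLL names under C:\WINDOWS\system32 is an assumption, and the draft is meant for a human reviewer, not for unattended use.

```python
"""Triage HijackThis entries and draft the matching CFScript sections.

Added example for this thread, not the helper's own tooling. Sample lines are
constructed from the thread's first HijackThis log; the system32 path used to
resolve bare DLL names is an assumption.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the first HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: qalkfxor - {FA9CBCB5-3330-4AF1-A2A3-30FE4C366215} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: ilwmmh.dll gsgxpz.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
"""

# A HijackThis entry line: section code (R1, O3, O20, ...), " - ", then the body.
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    item: str    # a DLL name (O20) or the raw entry body (O3)
    reason: str


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def triage(entries: list[tuple[str, str]]) -> list[Finding]:
    """Flag the two patterns the helper acted on in this thread."""
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs loads every listed DLL into every process that
            # links user32.dll; a non-empty value on a home PC is a red flag.
            for dll in body.split(":", 1)[1].split():
                findings.append(Finding(
                    "O20", dll, "DLL loaded into every process via AppInit_DLLs"))
        elif section == "O3" and body.endswith("(file missing)"):
            # The toolbar DLL is already gone but its CLSID registration
            # remains; the orphaned entry is what HijackThis can fix.
            findings.append(Finding(
                "O3", body, "orphaned toolbar registration, DLL already removed"))
    return findings


def draft_cfscript(findings: list[Finding],
                   system32: str = r"C:\WINDOWS\system32") -> str:
    """Build File:: and Registry:: sections in the format used in the thread.

    Bare DLL names from AppInit_DLLs are resolved under system32 (assumption:
    that is where the helper found them); absolute paths are kept as given.
    """
    files = [f.item if "\\" in f.item else f"{system32}\\{f.item}"
             for f in findings if f.section == "O20"]
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
        # Deleting the DLLs is not enough: the AppInit_DLLs value itself must
        # be cleared, or Windows keeps trying to load the names at every start.
        reg_key = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"
        sections.append(f'Registry::\n{reg_key}\n"AppInit_DLLs"=""')
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_HJT_LOG))
    for f in found:
        print(f"{f.section}: {f.item}  <- {f.reason}")
    print()
    print(draft_cfscript(found))
```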
Nemesys 0
Posted August 29, 2008

ComboFix:
ComboFix 08-08-27.06 - Caco 2008-08-28 22:20:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1681 [GMT -4:00]
Executando de: C:\Documents and Settings\Caco\Desktop\kOMBO.EXE.exe
Command switches used :: C:\Documents and Settings\Caco\Desktop\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
C:\Arquivos de programas\MSA\MSA.exe
C:\WINDOWS\Alcmtr.exe
C:\WINDOWS\system32\gecwcsjs.dll
C:\WINDOWS\system32\gsgxpz.dll
C:\WINDOWS\system32\ilwmmh.dll
C:\WINDOWS\system32\MSA.cpl
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arquivos de programas\MSA
C:\Arquivos de programas\MSA\MSA.cpl
C:\Arquivos de programas\MSA\MSA.exe
C:\Arquivos de programas\MSA\msa0.dat
C:\Arquivos de programas\MSA\msa1.dat
C:\WINDOWS\Alcmtr.exe
C:\WINDOWS\system32\gecwcsjs.dll
C:\WINDOWS\system32\MSA.cpl

.
((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))
.

2008-08-28 21:02 . 2008-08-28 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Symantec
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configuraþ§es locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2008-08-28 14:17 . 2008-08-28 14:17 <DIR> d-------- C:\Documents and Settings\Caco\Configuraþ§es locais
2008-08-28 09:00 . 2008-08-28 14:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-28 08:59 . 2008-08-23 09:28 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Modelos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Meus documentos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Menu Iniciar
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritos
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Dados de aplicativos
2008-08-28 08:59 . 2008-08-28 22:22 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de rede
2008-08-28 08:59 . 2008-08-23 05:25 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Ambiente de impressão
2008-08-28 08:59 . 2008-08-28 15:07 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
2008-08-28 00:09 . 2008-08-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-08-28 00:09 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-08-28 00:09 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-08-28 00:09 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-08-28 00:09 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-08-28 00:08 . 2008-08-28 00:09 <DIR> d-------- C:\Arquivos de programas\LogMeIn
2008-08-28 00:08 . 2008-08-28 00:08 1,024 --a------ C:\.rnd
2008-08-27 23:53 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\SymNetDrv
2008-08-27 19:55 . 2008-08-27 19:55 86 --a------ C:\WINDOWS\wininit.ini
2008-08-27 19:35 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-27 19:22 . 2008-08-27 19:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Symantec
2008-08-27 19:21 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\AdobeUM
2008-08-27 19:21 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
2008-08-27 19:21 . 2008-08-27 23:53 <DIR> d-------- C:\Arquivos de programas\Symantec
2008-08-27 19:21 . 2008-08-27 23:55 <DIR> d-------- C:\Arquivos de programas\Norton AntiVirus
2008-08-27 19:21 . 2008-08-28 06:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-08-27 19:21 . 2006-09-15 22:52 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-27 19:21 . 2006-09-15 22:52 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-27 19:18 . 2008-08-25 18:48 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-27 08:06 . 2008-08-28 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\services
2008-08-27 08:01 . 2008-08-27 08:02 7,238 --a------ C:\wmcodec_update.exe
2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\WINDOWS\Elven Mists 2
2008-08-27 08:00 . 2008-08-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intenium
2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Thunderbird
2008-08-26 22:11 . 2008-08-26 22:11 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Talkback
2008-08-26 22:11 . 2008-08-28 19:30 <DIR> d-------- C:\Arquivos de programas\Mozilla Thunderbird
2008-08-26 20:45 . 2008-08-26 20:45 2,291,712 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-08-26 20:36 . 2008-08-26 20:36 <DIR> d-------- C:\Arquivos de programas\PowerQuest
2008-08-26 20:30 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\TuneUp Software
2008-08-26 20:29 . 2008-08-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
2008-08-26 20:29 . 2008-08-26 20:39 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2007
2008-08-26 20:29 . 2008-08-26 20:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-08-26 20:28 . 2008-08-26 20:28 <DIR> d-------- C:\Arquivos de programas\Ahead
2008-08-26 20:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-26 20:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-26 20:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-26 20:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-26 20:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-26 20:28 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-26 20:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-26 20:28 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-26 20:27 . 2008-08-26 20:27 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\ACD Systems
2008-08-26 20:26 . 2008-08-26 20:26 <DIR> d-------- C:\Arquivos de programas\ACD Systems
2008-08-25 18:44 . 2008-08-25 18:44 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade
2008-08-24 19:01 . 2008-08-24 19:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-24 18:13 . 2008-08-26 15:28 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Skype
2008-08-24 18:13 . 2008-08-24 18:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2008-08-24 18:04 . 2008-08-28 21:08 <DIR> d-------- C:\Jogos
2008-08-24 18:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-08-24 14:42 . 2008-08-24 14:42 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Media Player Classic
2008-08-24 09:47 . 2008-08-24 09:47 <DIR> d-------- C:\Arquivos de programas\PluginLetras
2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar
2008-08-24 08:46 . 2008-08-24 08:47 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite
2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems
2008-08-24 00:29 . 2008-08-24 00:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-08-24 00:29 . 2008-08-26 20:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-08-24 00:25 . 2008-08-24 00:27 <DIR> d-------- C:\Arquivos de programas\BitLord
2008-08-24 00:22 . 2008-08-24 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-08-24 00:22 . 2008-08-24 00:22 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-08-24 00:19 . 2008-08-24 00:19 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\DAEMON Tools
2008-08-24 00:19 . 2008-08-24 00:20 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-24 00:16 . 2008-08-25 14:27 <DIR> d-------- C:\Documents and Settings\Caco\Contacts
2008-08-24 00:16 . 2008-08-24 00:16 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack
2008-08-23 23:04 . 2008-08-23 23:04 421 --a------ C:\WINDOWS\ODBC.INI
2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-23 23:03 . 2008-08-23 23:03 <DIR> d-------- C:\Arquivos de programas\Microsoft Works
2008-08-23 23:03 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-23 23:01 . 2008-08-23 23:01 <DIR> dr-h----- C:\MSOCache
2008-08-23 22:15 . 2008-08-23 22:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-08-23 22:14 . 2008-08-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-08-23 22:14 . 2008-08-23 22:20 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-08-23 22:12 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-23 22:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-23 22:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-23 22:12 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-23 22:07 . 2008-08-23 22:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-08-23 22:07 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-23 22:07 . 2003-03-18 16:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-08-23 22:07 . 2003-02-21 00:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-08-23 22:04 . 2008-08-23 22:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-23 22:01 . 2008-08-23 22:01 <DIR> d-------- C:\Documents and Settings\Caco\Dados de aplicativos\Creative
2008-08-23 21:59 . 2000-05-22 04:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-08-23 21:59 . 1999-10-10 21:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-08-23 21:55 . 2008-08-23 21:55 <DIR> d-------- C:\WINDOWS\system32\Data
2008-08-23 21:54 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl
2008-08-23 21:54 . 2004-03-25 09:21 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl
2008-08-23 21:54 . 2003-12-17 15:59 46,731 --a------ C:\WINDOWS\system32\usbaudio.chm
2008-08-23 21:54 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest
2008-08-23 21:53 . 2008-08-23 21:59 <DIR> d-------- C:\Arquivos de programas\Creative
2008-08-23 21:53 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys
2008-08-23 21:50 . 2008-08-23 22:01 <DIR> d-------- C:\WINDOWS\nview
2008-08-23 21:50 . 2007-04-19 14:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-23 21:50 . 2007-04-19 00:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-23 21:50 . 2008-08-28 20:57 88,723 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-23 21:50 . 2007-04-19 00:26 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-23 21:47 . 2008-08-23 21:47 <DIR> d-------- C:\Arquivos de programas\JPEG Camera
2008-08-23 21:45 . 2008-08-23 21:45 <DIR> d---s---- C:\Documents and Settings\Caco\UserData

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 00:37 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-08-27 00:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-08-23 13:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-23 13:42 --------- d-----w C:\Arquivos de programas\Realtek
2008-08-23 13:40 --------- d-----w C:\Arquivos de programas\Intel
2008-08-23 13:31 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-08-23 13:30 --------- d-----w C:\Arquivos de programas\Serviços on-line
2008-08-23 13:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
.

((((((((((((((((((((((((((((( snapshot@2008-08-28_14.06.57.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-12 20:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 20:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-03-15 20:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 20:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-03-12 20:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 20:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-06-21 00:45:20 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
+ 2007-01-24 19:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 00:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitComet"="C:\Arquivos de programas\BitLord\BitLord.exe" [2005-05-06 20:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 00:26 7700480]
"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-02-21 16:50 58984 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Arquivos de programas\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 11:02 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-19 00:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-19 00:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 17:10 23237416 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-04 14:59 218240 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-08-27 23:53 100056 C:\ARQUIV~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 00:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-10-24 23:57 16855552 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-10-10 23:04 1826816 C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\BitLord\\BitLord.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:57]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-31 20:56]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-08-13 16:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
.
Conteúdo da pasta 'Tarefas Agendadas'
2008-08-27 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
2008-08-28 C:\WINDOWS\Tasks\Norton AntiVirus - Verificar o meu computador - Caco.job - C:\ARQUIV~1\NORTON~1\Navw32.exe [2005-07-18 16:16]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 22:22:09
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-08-28 22:22:36
ComboFix-quarantined-files.txt 2008-08-29 02:22:34
ComboFix2.txt 2008-08-28 23:26:24
ComboFix3.txt 2008-08-28 18:17:39
Pre-Run: 8 pasta(s) 91,114,102,784 bytes disponíveis
Post-Run: 11 pasta(s) 91,103,571,968 bytes disponíveis
273

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:23:02, on 28/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Caco\Desktop\Segurança\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitLord\BitLord.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219543772266
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe obrigado mais uma vez... Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted August 29, 2008

Good morning! Nemesys

<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Complete scan! ( Full Scan )
<@> Disable your protection programs while running Malwarebytes.
<@> Send the detected items to quarantine.
<@> For more details: < Link >
-----------------------
<@> Post the report: mbam-log-8-29-2008 (00-00-00).txt

Cheers!
Nemesys 0 Posted August 29, 2008

Log:

Malwarebytes' Anti-Malware 1.25
Versão do banco de dados: 1094
Windows 5.1.2600 Service Pack 2

07:10:02 29/8/2008
mbam-log-08-29-2008 (07-10-02).txt

Tipo de Verificação: Completa (C:\|E:\|)
Objetos verificados: 61835
Tempo decorrido: 7 minute(s), 20 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 20

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\qalkfxor.bgrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXPggGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQggdA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcAPgfc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gecwcsjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gsgxpz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ilwmmh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ofudcawn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wigaqsme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP43\A0002340.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003892.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003893.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP47\A0003906.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP48\A0003943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\RP52\A0007075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
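The Malwarebytes log above reports 20 infected files, but where each file sits is what matters for triage: paths under C:\QooBox\Quarantine are copies ComboFix had already quarantined (the .vir suffix), and paths under System Volume Information\_restore{...} are System Restore snapshots; neither is a DLL that is still loaded, which is why the helper can call the logs clean. As an added example that is not part of the original thread, this Python script parses detection lines in the Malwarebytes 1.x format shown above and classifies each by location; the sample lines are constructed in that format (one active-infection line is invented to show the case that would still need attention).

```python
import re
from collections import Counter

# One Malwarebytes 1.x detection line:  <path> (<family>) -> <action>
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Location classes, matched against the lowercased path. Order matters only
# for readability; every pattern is anchored at the start of the path.
LOCATION_RULES = (
    (r"^c:\\qoobox\\quarantine\\", "combofix-quarantine"),
    (r"^c:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", "system-restore"),
    (r"^c:\\windows\\system32\\", "active-system32"),
)

def classify_path(path):
    """Map a detected file path to a location class (case-insensitive)."""
    lowered = path.lower()
    for pattern, label in LOCATION_RULES:
        if re.match(pattern, lowered):
            return label
    return "other"

def parse_detections(log_text):
    """Return (path, family, action, location) for every detection line in the log."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:  # header lines and "(Nenhum ítem malicioso foi detectado)" do not match
            found.append((m["path"], m["family"], m["action"], classify_path(m["path"])))
    return found

def summarize(detections):
    """Count detections per (location, family) and list those still in a live location."""
    counts = Counter((loc, fam) for _, fam, _, loc in detections)
    active = [d for d in detections if d[3] == "active-system32"]
    return counts, active

# Constructed sample in the format of the log above; the third line is invented
# to show an active system32 detection, which the real log did not contain.
SAMPLE_LOG = """\
Arquivos infectados:
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\cbXPggGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\\System Volume Information\\_restore{AFBF0A20-F93C-49FE-BE46-AD3B6D525C39}\\RP47\\A0003892.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\gsgxpz.dll (Trojan.Vundo) -> Delete on reboot.
"""

if __name__ == "__main__":
    counts, active = summarize(parse_detections(SAMPLE_LOG))
    for (loc, fam), n in sorted(counts.items()):
        print(f"{loc:20s} {fam:18s} {n}")
    print("detections in a live location:", len(active))
```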
DigRam 144 Posted August 29, 2008

Good morning! Nemesys

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally the message will appear: ComboFix uninstalled!
<@> If you still find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
-------------------------
<@> Download: < CCleaner >
<@> Save it to the Desktop!
<@> With the < Cleaner > option already selected, click Analyze.
<@> Wait for it to finish!
<@> When it is done, click Run Cleaner.
<@> In the window that appears, click OK.
<@> Wait for it to finish!
<@> Select the Registry option and click Scan for Issues.
<@> When it is done, click Fix selected issues...
<@> At the prompt, click Yes!
<@> Name the backups and click Save.
<@> In the window that appears, click: Fix All Selected Issues
<@> Click OK --> Close.
-------------------------
<!> The logs are clean!
<!> Good work! :thumbsup:

Cheers!
Nemesys 0 Posted August 29, 2008

Suuuuper thanks! You saved me from a night spent formatting the PC. Cheers!
DigRam 144 Posted August 29, 2008

PROBLEM SOLVED!

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.