gabrielz
Posted December 16, 2008

Hey, everyone. I'm new here on the forum and I need a little help removing Virtumonde. I already downloaded the Symantec file and the damned thing didn't come out. I searched other forums and this one; some had a solution, I tried it, and it didn't work. Result: the damned virus is still here and I can't remove it =T

Here is the HijackThis log, in case you want to analyze it, if you can:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:47:56, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Usuário\Desktop\KillBox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - C:\WINDOWS\system32\nnnllIxY.dll (file missing)
O2 - BHO: (no name) - {3822d701-5d55-4aed-8e7e-e7e915e86194} - C:\WINDOWS\system32\nomibare.dll
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\WINDOWS\is-O9QOJ.exe" /REG
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hilunejo.dll c:\windows\system32\pabuvome.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pabuvome.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6304 bytes

Thanks in advance.
Regards

MGuitar
Posted December 16, 2008

gabrielz, welcome to the forum.

- Download Malwarebytes Anti-Malware and save it to the desktop;
● Double-click the program to start the installation. Select the Português (Brasil) language;
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the Quick Scan option and then click Scan;
● When the scan finishes, click OK and the log will open automatically;
● If anything is detected, make sure all items are checked and click the Remove button. NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log into your next reply, together with a new HijackThis log.

gabrielz
Posted December 16, 2008

MGuitar, thank you very much for the help. I think Virtumonde has really been removed now.
Here are the HijackThis and Malwarebytes logs, respectively:

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - C:\WINDOWS\system32\nnnllIxY.dll (file missing)
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\WINDOWS\is-O9QOJ.exe" /REG
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hilunejo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6007 bytes

Malwarebytes before removal:

Malwarebytes' Anti-Malware 1.31
Versão do banco de dados: 1506
Windows 5.1.2600 Service Pack 3

16/12/2008 09:57:10
mbam-log-2008-12-16 (09-57-10).txt

Tipo de Verificação: Rápida
Objetos verificados: 46878
Tempo decorrido: 5 minute(s), 48 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 3
Chaves do Registro infectadas: 9
Valores do Registro infectados: 3
Ítens do Registro infectados: 2
Pastas infectadas: 0
Arquivos infectados: 12

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
C:\WINDOWS\system32\tefiyuvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pabuvome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nomibare.dll (Trojan.Vundo.H) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3822d701-5d55-4aed-8e7e-e7e915e86194} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3822d701-5d55-4aed-8e7e-e7e915e86194} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3822d701-5d55-4aed-8e7e-e7e915e86194} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6b07f662 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pabuvome.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pabuvome.dll -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\system32\jbuhrkil.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\likrhubj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kosuyapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upayusok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tefiyuvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uvuyifet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wibarawu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwarabiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pabuvome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nomibare.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gelarijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\datufobu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Malwarebytes after removal and reboot:

Malwarebytes' Anti-Malware 1.31
Versão do banco de dados: 1506
Windows 5.1.2600 Service Pack 3

16/12/2008 10:06:57
mbam-log-2008-12-16 (10-06-57).txt

Tipo de Verificação: Rápida
Objetos verificados: 46594
Tempo decorrido: 5 minute(s), 38 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

MGuitar
Posted December 16, 2008

Your log still contains infections.

First, open Malwarebytes Anti-Malware and click the Quarantine tab. Select all the items there and click the Remove All button. Close the program.

- Download ComboFix and save it to the desktop;
● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt. Paste this log into your next reply.

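Added example (not part of the original thread, and not code from HijackThis, Malwarebytes or ComboFix): a Python triage pass over lines excerpted from the post-cleanup HijackThis log and the Malwarebytes "Arquivos infectados" list posted above. The three flagging rules are assumptions chosen for illustration, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the second (post-cleanup) HijackThis log posted in this thread.
HJT_AFTER = r"""
O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - C:\WINDOWS\system32\nnnllIxY.dll (file missing)
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yayazeloza] Rundll32.exe "C:\WINDOWS\system32\viruwuyo.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\hilunejo.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Files listed under "Arquivos infectados" in the first Malwarebytes log above.
MBAM_FILES = r"""
C:\WINDOWS\system32\jbuhrkil.dll
C:\WINDOWS\system32\likrhubj.ini
C:\WINDOWS\system32\kosuyapu.dll
C:\WINDOWS\system32\upayusok.ini
C:\WINDOWS\system32\tefiyuvu.dll
C:\WINDOWS\system32\uvuyifet.ini
C:\WINDOWS\system32\wibarawu.dll
C:\WINDOWS\system32\uwarabiw.ini
C:\WINDOWS\system32\pabuvome.dll
C:\WINDOWS\system32\nomibare.dll
C:\WINDOWS\system32\gelarijo.dll
C:\WINDOWS\system32\datufobu.dll
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:dll|exe)', re.IGNORECASE)
SERVICE_HIVE_RE = re.compile(r"^HKUS\\S-1-5-(?:19|20)\\")


def parse_hjt(text):
    """Split HijackThis lines into (section code, detail, [file paths])."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, detail = m.groups()
            entries.append((code, detail, PATH_RE.findall(detail)))
    return entries


def triage(entries):
    """Return (code, reason, [file names]) for entries worth a manual look.

    Assumed rules, for illustration only:
      * the registration points at a file HijackThis could not find;
      * an O4 Run value lives in the LOCAL SERVICE / NETWORK SERVICE hive;
      * AppInit_DLLs is not empty (those DLLs are loaded into every
        process that loads user32.dll).
    """
    findings = []
    for code, detail, paths in entries:
        names = [PureWindowsPath(p).name for p in paths]
        if "(file missing)" in detail or "(no file)" in detail:
            findings.append((code, "orphaned registration", names))
        elif code == "O4" and SERVICE_HIVE_RE.match(detail):
            findings.append((code, "Run value in a service-account hive", names))
        elif code == "O20" and names:
            findings.append((code, "AppInit_DLLs is not empty", names))
    return findings


def reversed_name_pairs(paths):
    """Pair each .dll with an .ini whose base name is the .dll's spelled backwards."""
    files = [PureWindowsPath(p.strip()) for p in paths if p.strip()]
    ini_stems = {f.stem for f in files if f.suffix.lower() == ".ini"}
    return [(f.name, f.stem[::-1] + ".ini")
            for f in files
            if f.suffix.lower() == ".dll" and f.stem[::-1] in ini_stems]


def not_in_scanner_log(findings, removed_paths):
    """File names referenced by flagged entries that the scanner log never listed."""
    removed = {PureWindowsPath(p.strip()).name.lower()
               for p in removed_paths if p.strip()}
    return sorted({n for _, _, names in findings
                   for n in names if n.lower() not in removed})


if __name__ == "__main__":
    flagged = triage(parse_hjt(HJT_AFTER))
    for code, reason, names in flagged:
        print(f"{code:<4}{reason}: {', '.join(names) or '(no file)'}")
    print("dll/ini pairs:", reversed_name_pairs(MBAM_FILES.splitlines()))
    print("not in scanner log:", not_in_scanner_log(flagged, MBAM_FILES.splitlines()))
```

The pairing function reflects what the Malwarebytes log itself shows: four of the removed .ini files carry the name of a removed .dll spelled backwards.
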
gabrielz
Posted December 16, 2008

Here is the ComboFix log:

ComboFix 08-12-15.08 - Usuário 2008-12-16 13:38:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2046.1008 [GMT -3:00]
Executando de: c:\documents and settings\Usuário\Desktop\Pasta Principal\ComboFix.exe
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\hoyorf.dll
c:\windows\system32\hudovuva.dll
c:\windows\system32\ksuulqwy.dll
c:\windows\system32\nepimari.dll
c:\windows\system32\tazobogi.dll
c:\windows\system32\YxIllnnn.ini
c:\windows\system32\YxIllnnn.ini2

----- BITS: Sites possivelmente infetados -----

hxxp://childhe.com
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))
.

2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes
2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes
2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes
2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware
2008-12-16 09:48 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 09:48 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 13:24 . 2008-12-15 13:24 <DIR> d-------- C:\!KillBox
2008-12-15 13:23 . 2008-12-15 13:23 <DIR> d-------- c:\arquivos de programas\Trend Micro
2008-12-15 13:20 . 2008-12-15 13:20 <DIR> d-------- C:\VundoFix Backups
2008-12-14 18:26 . 2008-12-14 19:31 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-14 18:26 . 2008-12-14 19:31 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-14 18:24 . 2008-12-16 10:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-12-14 18:24 . 2008-12-14 18:24 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab
2008-12-14 18:24 . 2008-12-16 13:40 1,218,592 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-14 18:24 . 2008-12-16 13:41 20,768 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-14 18:24 . 2008-12-16 13:39 17,348 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-14 18:24 . 2008-12-16 13:39 2,972 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-14 18:22 . 2008-12-14 18:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-12-14 14:43 . 2008-12-14 14:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft
2008-12-14 14:43 . 2008-12-14 14:43 <DIR> d-------- c:\arquivos de programas\Lavasoft
2008-12-14 14:33 . 2008-12-13 12:56 236,032 --a------ c:\windows\system32\trz3.tmp.ren
2008-12-13 23:01 . 2008-12-13 23:01 <DIR> d-------- C:\Binaries
2008-12-13 23:01 . 2008-12-13 23:01 <DIR> d-------- c:\arquivos de programas\Webroot
2008-12-13 23:01 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-13 22:59 . 2008-12-13 22:59 164 --a------ C:\install.dat
2008-12-13 22:43 . 2008-12-14 14:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-12-13 22:43 . 2008-12-14 05:56 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy
2008-12-13 13:13 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-13 13:13 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-12-13 12:52 . 2008-12-13 12:52 <DIR> d-------- c:\arquivos de programas\Alwil Software
2008-12-13 12:52 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-13 08:00 . 2008-12-13 08:00 <DIR> d-------- c:\arquivos de programas\Real Alternative
2008-12-13 08:00 . 2003-03-19 00:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro
2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro
2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro
2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer
2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer
2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer
2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\arquivos de programas\Webteh
2008-12-06 15:14 . 2008-12-06 15:14 8 --a------ c:\windows\system32\nvModes.dat
2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic
2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic
2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic
2008-12-06 15:10 . 2008-09-19 18:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-12-06 15:10 . 2008-09-24 15:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-12-06 15:10 . 2008-01-10 09:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-12-06 15:10 . 2008-10-28 19:35 684,032 --a------ c:\windows\system32\divx.dll
2008-12-06 15:10 . 2004-01-25 13:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-06 15:10 . 2008-01-10 09:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-12-06 15:10 . 2007-09-20 21:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-06 15:10 . 2008-09-25 05:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-12-06 15:10 . 2008-11-24 11:32 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-06 15:10 . 2007-07-10 13:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 15:10 . 2008-10-03 09:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-12-06 15:10 . 2008-07-30 16:09 38 --a------ c:\windows\avisplitter.ini
2008-12-06 10:58 . 2008-12-06 10:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2008-12-01 18:22 . 2008-12-01 18:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2
2008-11-27 18:29 . 2008-11-27 18:30 <DIR> d-------- C:\DVDVideoSoft
2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft
2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\AskBarDis
2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 22:31 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-14 20:05 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache
2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache
2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache
2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent
2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent
2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent
2008-12-06 18:10 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2008-12-02 14:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2008-11-20 11:44 --------- d-----w c:\arquivos de programas\Internet Download Manager
2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM
2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM
2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM
2008-11-11 12:24 --------- d-----w c:\arquivos de programas\Microsoft Silverlight
2008-11-11 00:21 --------- d-----w c:\arquivos de programas\SystemRequirementsLab
2008-11-11 00:00 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX
2008-11-10 23:24 --------- d-----w c:\arquivos de programas\EA GAMES
2008-11-10 18:47 --------- d-----w c:\arquivos de programas\PowerISO
2008-11-08 16:15 --------- d-----w c:\arquivos de programas\Ares
2008-11-08 12:55 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems
2008-11-08 12:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-11-08 12:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-11-06 06:06 --------- d-----w c:\arquivos de programas\Eset
2008-11-05 16:06 --------- d-----w c:\arquivos de programas\microsoft frontpage
2008-11-04 01:07 --------- d-----w c:\arquivos de programas\Mobile Vision PC Suite
2008-11-04 00:06 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-04 00:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Motousbnet_01005.Wdf
2008-11-04 00:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motfilt_01005.Wdf
2008-11-03 23:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-03 23:59 --------- d-----w c:\arquivos de programas\Arquivos comuns\Motorola Shared
2008-11-03 22:29 --------- d-----w c:\arquivos de programas\Foxit Software
2008-11-03 04:27 --------- d-----w c:\arquivos de programas\Dacris Software
2008-11-02 23:04 --------- d-----w c:\arquivos de programas\Gpotato
2008-11-02 20:56 --------- d-----w c:\arquivos de programas\Cheat Engine
2008-11-02 19:27 --------- d-----w c:\arquivos de programas\D-Tools
2008-11-02 18:48 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-02 18:48 --------- d-----w c:\arquivos de programas\Rockstar Games
2008-11-02 18:36 --------- d-----w c:\arquivos de programas\uTorrent
2008-11-02 18:24 --------- d-----w c:\arquivos de programas\MSXML 6.0
2008-11-02 18:07 --------- d-----w c:\arquivos de programas\Messenger Plus! Live
2008-11-02 18:02 --------- d-----w c:\arquivos de programas\Windows Live
2008-11-02 17:58 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-11-02 17:56 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2008-11-02 17:44 --------- d-----w c:\arquivos de programas\AGEIA Technologies
2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield
2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield
2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield
2008-11-02 17:23 --------- d-----w c:\arquivos de programas\Realtek
2008-11-02 17:22 15,600 ----a-w c:\windows\gdrv.sys
2008-11-02 17:20 315,392 ----a-w c:\windows\HideWin.exe
2008-11-02 17:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2008-11-02 17:19 --------- d-----w c:\arquivos de programas\DIFX
2008-11-02 17:12 --------- d-----w c:\arquivos de programas\CCleaner
2008-11-02 17:11 --------- d-----w c:\arquivos de programas\Serviços on-line
2008-11-02 17:10 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-08-21 888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-10-07 1630208]
"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Usuário\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 06:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2008-08-21 12:45 888832 c:\arquivos de programas\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] --a------ 2007-06-28 12:51 218376 c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] --a------ 2008-10-28 08:39 2606512 c:\arquivos de programas\Internet Download Manager\IDMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-11-02 05:38 167936 c:\arquivos de programas\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-05-10 06:08 16342528 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Documents and Settings\\Usuário\\Desktop\\GuSTop.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\WINDOWS\\system32\\services.exe"= "c:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "49043:TCP"= 49043:TCP:49043 "49043:UDP"= 49043:UDP:49043 "80:TCP"= 80:TCP:80 "80:UDP"= 80:UDP:80 "8767:UDP"= 8767:UDP:8767 "2002:TCP"= 2002:TCP:2002 "2002:UDP"= 2002:UDP:2002 R2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\system32\DRIVERS\motovision.sys [2008-11-03 31145] R3 DirectDrv;DirectDrv;c:\windows\system32\DRIVERS\MotoVisionDP.sys [2008-11-03 11941] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2008-11-03 6016] S3 DBKDRVR54;DBKDRVR54;\??\c:\arquivos de programas\Cheat Engine\dbk32.sys [2008-11-02 35840] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-11-03 22016] *Newly Created Service* - HELPSVC . 
- - - - ORFÃOS REMOVIDOS - - - - BHO-{22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - c:\windows\system32\nnnllIxY.dll BHO-{3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file) HKLM-RunOnce-InnoSetupRegFile.0000000001 - c:\windows\is-O9QOJ.exe MSConfigStartUp-6834c5fe - c:\windows\system32\gelarijo.dll MSConfigStartUp-CPM6b07f662 - c:\windows\system32\womojozo.dll MSConfigStartUp-yayazeloza - c:\windows\system32\viruwuyo.dll . ------- Scan Suplementar ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ IE: Download All Links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab c:\windows\Downloaded Program Files\sysreqlab.osd FF - ProfilePath - c:\documents and settings\Usuário\Dados de aplicativos\Mozilla\Firefox\Profiles\r6shrju9.default\ FF - plugin: c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-16 13:40:39 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1148) c:\windows\system32\klogon.dll - - - - - - - > 'explorer.exe'(3748) c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Tempo para conclusão: 2008-12-16 13:46:12 - Máquina reiniciou ComboFix-quarantined-files.txt 2008-12-16 16:46:07 Pré-execução: 20 pasta(s) 42.932.027.392 bytes disponíveis Pós execução: 20 pasta(s) 43,294,736,384 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 291 --- E O F --- 2008-12-11 06:01:04

Thanks for the help, again.
MGuitar Posted December 16, 2008

Select and copy the text below. Paste it into Notepad on your computer and save it on the desktop with the name CFScript.txt

File::
c:\windows\system32\trz3.tmp.ren
C:\install.dat

Folder::
C:\!KillBox
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

DirLook::
C:\Binaries

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

● If you are prompted, press Enter to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.
gabrielz Posted December 17, 2008

Here are the logs:

ComboFix 08-12-15.08 - Usuário 2008-12-17 18:35:36.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2046.1336 [GMT -3:00] Executando de: c:\documents and settings\Usuário\Desktop\Pasta Principal\ComboFix.exe Comandos utilizados :: c:\documents and settings\Usuário\Desktop\Pasta Principal\CFScript.txt * Criado um novo ponto de restauro * Resident AV is active FILE :: C:\install.dat c:\windows\system32\trz3.tmp.ren . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\!KillBox c:\!killbox\hilunejo.dll c:\!killbox\Logs\kb.log c:\!killbox\viruwuyo.dll c:\!killbox\womojozo.dll C:\install.dat C:\VundoFix Backups c:\windows\system32\trz3.tmp.ren . (((((((((((((((( Arquivos/Ficheiros criados de 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))) . 2008-12-17 06:04 . 2008-12-17 06:04 112,144 --a------ c:\windows\system32\drivers\kl1.sys 2008-12-17 03:01 . 2008-12-17 03:01 <DIR> d-------- c:\arquivos de programas\MSXML 4.0 2008-12-17 03:00 . 2007-06-28 12:51 206,088 --a------ c:\windows\system32\TBD7D.tmp 2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes 2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes 2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Malwarebytes 2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2008-12-16 09:48 . 2008-12-16 09:48 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware 2008-12-16 09:48 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-16 09:48 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-15 13:23 .
2008-12-15 13:23 <DIR> d-------- c:\arquivos de programas\Trend Micro 2008-12-14 18:26 . 2008-12-14 19:31 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-14 18:26 . 2008-12-14 19:31 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-14 18:24 . 2008-12-16 10:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab 2008-12-14 18:24 . 2008-12-14 18:24 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab 2008-12-14 18:24 . 2008-12-17 18:39 1,537,568 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-14 18:24 . 2008-12-17 18:39 38,176 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-14 18:24 . 2008-12-16 13:39 17,348 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-14 18:24 . 2008-12-16 13:39 2,972 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-14 18:22 . 2008-12-14 18:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2008-12-14 14:43 . 2008-12-14 14:48 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft 2008-12-14 14:43 . 2008-12-14 14:43 <DIR> d-------- c:\arquivos de programas\Lavasoft 2008-12-13 23:01 . 2008-12-13 23:01 <DIR> d-------- C:\Binaries 2008-12-13 23:01 . 2008-12-13 23:01 <DIR> d-------- c:\arquivos de programas\Webroot 2008-12-13 23:01 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll 2008-12-13 22:43 . 2008-12-14 14:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2008-12-13 22:43 . 2008-12-14 05:56 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy 2008-12-13 13:13 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\drivers\mouhid.sys 2008-12-13 13:13 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\dllcache\mouhid.sys 2008-12-13 12:52 . 2008-12-13 12:52 <DIR> d-------- c:\arquivos de programas\Alwil Software 2008-12-13 12:52 . 
2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll 2008-12-13 08:00 . 2008-12-13 08:00 <DIR> d-------- c:\arquivos de programas\Real Alternative 2008-12-13 08:00 . 2003-03-19 00:14 499,712 --a------ c:\windows\system32\msvcp71.dll 2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro 2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro 2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer Pro 2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer 2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer 2008-12-06 15:39 . 2008-12-06 18:12 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\BSplayer 2008-12-06 15:39 . 2008-12-06 15:39 <DIR> d-------- c:\arquivos de programas\Webteh 2008-12-06 15:14 . 2008-12-06 15:14 8 --a------ c:\windows\system32\nvModes.dat 2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic 2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic 2008-12-06 15:11 . 2008-12-06 15:11 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Media Player Classic 2008-12-06 15:10 . 2008-09-19 18:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll 2008-12-06 15:10 . 2008-09-24 15:41 839,680 --a------ c:\windows\system32\lameACM.acm 2008-12-06 15:10 . 2008-01-10 09:15 755,027 --a------ c:\windows\system32\xvidcore.dll 2008-12-06 15:10 . 2008-10-28 19:35 684,032 --a------ c:\windows\system32\divx.dll 2008-12-06 15:10 . 2004-01-25 13:18 217,088 --a------ c:\windows\system32\yv12vfw.dll 2008-12-06 15:10 . 
2008-01-10 09:16 159,839 --a------ c:\windows\system32\xvidvfw.dll 2008-12-06 15:10 . 2007-09-20 21:52 118,784 --a------ c:\windows\system32\ac3acm.acm 2008-12-06 15:10 . 2008-09-25 05:03 81,920 --a------ c:\windows\system32\dpl100.dll 2008-12-06 15:10 . 2008-11-24 11:32 57,344 --a------ c:\windows\system32\ff_vfw.dll 2008-12-06 15:10 . 2007-07-10 13:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest 2008-12-06 15:10 . 2008-10-03 09:30 414 --a------ c:\windows\system32\lame_acm.xml 2008-12-06 15:10 . 2008-07-30 16:09 38 --a------ c:\windows\avisplitter.ini 2008-12-06 10:58 . 2008-12-06 10:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2008-12-01 18:22 . 2008-12-01 18:32 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2 2008-11-27 18:29 . 2008-11-27 18:30 <DIR> d-------- C:\DVDVideoSoft 2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\DVDVideoSoft 2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\AskBarDis 2008-11-27 18:28 . 2008-11-27 18:28 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-14 20:05 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache 2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache 2008-12-14 17:29 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DMCache 2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent 2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent 2008-12-14 17:26 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\uTorrent 2008-12-06 18:10 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack 2008-12-02 14:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2008-11-20 11:44 --------- d-----w c:\arquivos de programas\Internet Download Manager 2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM 2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM 2008-11-17 14:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\IDM 2008-11-11 12:24 --------- d-----w c:\arquivos de programas\Microsoft Silverlight 2008-11-11 00:21 --------- d-----w c:\arquivos de programas\SystemRequirementsLab 2008-11-11 00:00 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX 2008-11-10 23:24 --------- d-----w c:\arquivos de programas\EA GAMES 2008-11-10 18:47 --------- d-----w c:\arquivos de programas\PowerISO 2008-11-08 16:15 --------- d-----w c:\arquivos de programas\Ares 2008-11-08 12:55 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems 2008-11-08 12:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared 2008-11-08 12:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe 2008-11-07 19:45 
2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll 2008-11-06 06:06 --------- d-----w c:\arquivos de programas\Eset 2008-11-05 16:06 --------- d-----w c:\arquivos de programas\microsoft frontpage 2008-11-04 01:07 --------- d-----w c:\arquivos de programas\Mobile Vision PC Suite 2008-11-04 00:06 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2008-11-04 00:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Motousbnet_01005.Wdf 2008-11-04 00:00 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motfilt_01005.Wdf 2008-11-03 23:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-03 23:59 --------- d-----w c:\arquivos de programas\Arquivos comuns\Motorola Shared 2008-11-03 22:29 --------- d-----w c:\arquivos de programas\Foxit Software 2008-11-03 04:27 --------- d-----w c:\arquivos de programas\Dacris Software 2008-11-02 23:04 --------- d-----w c:\arquivos de programas\Gpotato 2008-11-02 20:56 --------- d-----w c:\arquivos de programas\Cheat Engine 2008-11-02 19:27 --------- d-----w c:\arquivos de programas\D-Tools 2008-11-02 18:48 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2008-11-02 18:48 --------- d-----w c:\arquivos de programas\Rockstar Games 2008-11-02 18:36 --------- d-----w c:\arquivos de programas\uTorrent 2008-11-02 18:24 --------- d-----w c:\arquivos de programas\MSXML 6.0 2008-11-02 18:07 --------- d-----w c:\arquivos de programas\Messenger Plus! 
Live 2008-11-02 18:02 --------- d-----w c:\arquivos de programas\Windows Live 2008-11-02 17:58 --------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-11-02 17:56 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller 2008-11-02 17:44 --------- d-----w c:\arquivos de programas\AGEIA Technologies 2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield 2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield 2008-11-02 17:23 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\InstallShield 2008-11-02 17:23 --------- d-----w c:\arquivos de programas\Realtek 2008-11-02 17:22 15,600 ----a-w c:\windows\gdrv.sys 2008-11-02 17:20 315,392 ----a-w c:\windows\HideWin.exe 2008-11-02 17:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield 2008-11-02 17:19 --------- d-----w c:\arquivos de programas\DIFX 2008-11-02 17:12 --------- d-----w c:\arquivos de programas\CCleaner 2008-11-02 17:11 --------- d-----w c:\arquivos de programas\Serviços on-line 2008-11-02 17:10 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços 2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:37 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:37 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-17 04:53 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 17:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll 
2008-10-16 17:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 17:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 17:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 17:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 17:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 17:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 17:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:04 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2008-10-02 12:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Binaries ---- 2002-06-27 13:22 75 --a------ c:\binaries\SOAPVDIR.CMD 2002-06-27 13:22 11729 --a------ c:\binaries\_svdir.VBS ((((((((((((((((((((((((((((( snapshot@2008-12-16_13.45.04.87 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-12-17 06:01:05 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe - 2008-11-02 17:12:21 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin + 2008-12-16 17:14:06 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin - 2008-11-02 17:12:19 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat + 2008-12-16 17:15:05 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat - 2008-11-02 17:12:21 2,112 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-12-16 17:15:05 2,426 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-09-30 19:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll + 2008-09-30 19:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-08-21 888832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "nwiz"="c:\windows\system32\nwiz.exe" [2008-10-07 1630208] "DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520] c:\documents and settings\Usu rio\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 
1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 06:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2008-08-21 12:45 888832 c:\arquivos de programas\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] --a------ 2008-10-28 08:39 2606512 c:\arquivos de programas\Internet Download Manager\IDMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 12:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-11-02 05:38 167936 c:\arquivos de programas\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-05-10 06:08 16342528 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-09-16 12:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Level Up! 
Games\\Grand Chase Season 2\\main.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Teamspeak2_RC2\\server_windows.exe"= "c:\\Documents and Settings\\Usuário\\Desktop\\GuSTop.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\WINDOWS\\system32\\services.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "49043:TCP"= 49043:TCP:49043 "49043:UDP"= 49043:UDP:49043 "80:TCP"= 80:TCP:80 "80:UDP"= 80:UDP:80 "8767:UDP"= 8767:UDP:8767 "2002:TCP"= 2002:TCP:2002 "2002:UDP"= 2002:UDP:2002 R2 MOTOVISION;MotoVision For E680/680i, A780/760/768 Virtual Camera;c:\windows\system32\DRIVERS\motovision.sys [2008-11-03 31145] R3 DirectDrv;DirectDrv;c:\windows\system32\DRIVERS\MotoVisionDP.sys [2008-11-03 11941] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2008-11-03 6016] S3 DBKDRVR54;DBKDRVR54;\??\c:\arquivos de programas\Cheat Engine\dbk32.sys [2008-11-02 35840] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2008-11-03 22016] *Newly Created Service* - HELPSVC . - - - - ORFÃOS REMOVIDOS - - - - MSConfigStartUp-AVP - c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe . ------- Scan Suplementar ------- . 
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ IE: Download All Links with IDM - c:\arquivos de programas\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\arquivos de programas\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\arquivos de programas\Internet Download Manager\IEExt.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab c:\windows\Downloaded Program Files\sysreqlab.osd FF - ProfilePath - c:\documents and settings\Usuário\Dados de aplicativos\Mozilla\Firefox\Profiles\r6shrju9.default\ FF - plugin: c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-17 18:39:23 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1148) c:\windows\system32\klogon.dll . 
Tempo para conclusão: 2008-12-17 18:41:16
ComboFix-quarantined-files.txt 2008-12-17 21:41:13
ComboFix2.txt 2008-12-16 16:46:15

Pré-execução: 20 pasta(s) 42,720,342,016 bytes disponíveis
Pós execução: 18 pasta(s) 42,713,427,968 bytes disponíveis

309 --- E O F --- 2008-12-17 06:01:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:02, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - (no file)
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\WINDOWS\is-O9QOJ.exe" /REG
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 5729 bytes
MGuitar 11 Posted December 18, 2008

Run HijackThis and click Do a system scan only. Check the entries below and click the Fix Checked button.

O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - (no file)
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)

Close HijackThis.

- Using the Internet Explorer browser, go to the Eset Online Scanner;
- Tick the box Yes, I accept the terms of use, and click Start.
- In the next window, right-click the box and select Install ActiveX control.
- Wait for the security warning and click Install.
- On the next page, click Start and wait;
- Tick both boxes and click Scan. Wait;
- When the scan finishes, the log can be found in C:\arquivos de programas\esetonlinescanner\log.

Post this online scan log in your next reply.
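A triage sketch for the HijackThis step above, added here as an example and not part of the original post: it parses HijackThis entries and lists the ones whose target file is gone, marked `(no file)` or `(file missing)`. The sample lines are copied from the log in this thread; the function names are assumptions.

```python
import re

# Constructed sample: six entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {22B027AB-36FC-46D3-B92F-FA18FEE58AE1} - (no file)
O2 - BHO: (no name) - {3839C1D9-6E36-475C-AEB8-3BAD5F6E4D05} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
            "line": line,
        })
    return entries


def orphaned(entries, sections=None):
    """Entries whose target is missing, optionally limited to given sections."""
    return [e for e in entries
            if e["orphan"] and (sections is None or e["section"] in sections)]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["section"], e["orphan"], e["clsid"] or "-")
```

The flag is a pointer for review, not a verdict: `orphaned(entries, {"O2"})` returns the two BHO entries the post asks to fix, while the O23 AVP entry is also flagged and the post leaves it alone.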
gabrielz 0 Posted December 18, 2008

Here is the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3702 (20081218)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=cf86592041dd0f4c9e8a4b9275fd4c37
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-18 12:01:34
# local_time=2008-12-18 09:01:34 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=5.1.2600 NT Service Pack 3
# scanned=129974
# found=1
# scan_time=1955
C:\Qoobox\Quarantine\C\WINDOWS\system32\trz3.tmp.ren.vir Win32/Adware.Virtumonde.FP application (unable to clean - deleted) 00000000000000000000000000000000
MGuitar 11 Posted December 18, 2008

Go to Start > Run, type:

combofix /u

and press Enter. If they still exist, delete the ComboFix folders at C:\Qoobox and C:\ComboFix. Delete the ComboFix.txt log as well. Go to the Arquivos de Programas (Program Files) folder and delete the esetonlinescanner folder.

Your logs are clean. Is there still any problem?
gabrielz 0 Posted December 18, 2008

Thank you very much, MGuitar =D The computer is no longer slow and Firefox doesn't open anymore =D
MGuitar 11 Posted December 19, 2008

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.