felipeintheend

[Solved!] cvasds0.dll virus


Hi guys... I'm new here and I have a problem with my PC. Below I'll explain the problem and then post a log I made with HijackThis.

I run the AV and everything, and it reports as if there were no virus at all, so here's the thing:

When I click my C: drive, an alert from my AV appears saying that a virus, cvasds0.dll, was found in the TEMP folder. So I go there and delete it manually, or the AV deletes it, but when I click C: again, it shows up AGAIN. I ran a scan and nothing about it came up in the log, but every time I click C: it appears in the TEMP folder, and I can no longer open the other partition, D:, by double-clicking. What should I do? Format C:, where I have my Windows and programs, or is it possible to remove this virus?

Also, when I go to restart or shut down my PC, an error message about this file appears and my PC doesn't shut down. I have to shut it down directly with the power button :s

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:08:44, on 22/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Hijack\HiJackThis.exe

C:\WINDOWS\system32\wscntfy.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FAMLIA~1\CONFIG~1\Temp\herss.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257397943328

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

 

--

End of file - 6942 bytes

 

 

Thanks guys

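As an added example (not code from the forum, from HijackThis or from Malwarebytes), the script below applies the checks a helper makes by eye on the HijackThis log above: it flags Run entries that launch an executable from a Temp folder (the cdoosoft entry pointing at herss.exe), Run entries that launch from a drive root, and BHO registrations whose DLL is missing. The sample lines are copied from the log above, except the opdux.exe Run line, which is constructed to exercise the drive-root rule (the thread only shows that file in the ComboFix output).

```python
"""Triage of HijackThis v2 autostart entries.

Added as an illustration for this thread; it is not code from the forum, from
HijackThis or from Malwarebytes. It parses the O4 (Run key) and O2 (BHO) lines
of a HijackThis log and flags the patterns that matter here: a Run value that
launches an executable from a Temp folder, one that launches from a drive root,
and a BHO whose DLL is missing. The Temp-folder markers cover the English and
Portuguese XP folder names in long and 8.3 short form.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the log posted above, plus one constructed O4 line
# for opdux.exe (the thread only shows that file in the ComboFix output).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FAMLIA~1\CONFIG~1\Temp\herss.exe
O4 - HKCU\..\Run: [opdux] C:\opdux.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')

# Lower-cased path fragments that identify a per-user Temp folder on Windows XP.
TEMP_MARKERS = (
    r'\\temp\\',                  # ...\Temp\herss.exe
    r'\\config~1\\temp',          # CONFIG~1 = "Configurações locais" (pt-BR)
    r'\\locals~1\\temp',          # LOCALS~1 = "Local Settings" (en)
    r'\\temporary internet files\\',
)
# A bare "X:\name.exe": an executable sitting in a drive root, as opdux.exe did.
DRIVE_ROOT_RE = re.compile(r'^[a-z]:\\[^\\]+\.exe$')


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str       # the HijackThis line that triggered the finding
    reason: str


def executable_path(cmd: str) -> str:
    """Return the program path from a Run value, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ')[0]


def triage(log_text: str) -> list:
    """Scan a HijackThis log and return the suspicious entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group('cmd')).lower()
            if any(re.search(marker, path) for marker in TEMP_MARKERS):
                findings.append(Finding('high', line,
                                        'autostart runs an executable from a Temp folder'))
            elif DRIVE_ROOT_RE.match(path):
                findings.append(Finding('medium', line,
                                        'autostart runs an executable from a drive root'))
            continue
        m = O2_RE.match(line)
        if m and m.group('path').strip().lower() == '(no file)':
            findings.append(Finding('low', line, 'orphaned BHO registration, DLL missing'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity}] {f.reason}\n    {f.line}')
```

A Temp-folder hit is the strongest signal of the three: legitimate autostarts almost never live there, which is exactly the entry Malwarebytes later removed as Spyware.OnlineGames.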

Good evening, felipeintheend!

<@> Download: < Malwarebytes' Anti-Malware >

<@> < Link - 2 >

<@> < Link - 3 >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm it!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Cheers!


Good evening!

Well, I ran Malwarebytes' Anti-Malware and it found 3. I deleted the 3, and that cvasds0.dll isn't showing up anymore, but now another one is showing up, and I still can't open C: by double-clicking without the AV alerting about a virus. This time the virus the AV is alerting about is C:\opdux.exe. The AV removes it, and when I click, it shows up again, the same way it was happening with the other one.

Here are the 2 logs:

 

Anti-Malware Log:

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3215

Windows 5.1.2600 Service Pack 3

 

22/11/2009 22:04:35

mbam-log-2009-11-22 (22-04-35).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 166023

Tempo decorrido: 17 minute(s), 25 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Documents and Settings\Família\Configurações locais\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:11:06, on 22/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FAMLIA~1\CONFIG~1\Temp\herss.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257397943328

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

 

--

End of file - 7262 bytes

 

 

Cheers


Good evening, felipeintheend!

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<!> Link-4 --> < how to use ComboFix >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

[screenshot: ComboFix start-up prompt]

<@> Click OK.

<@> At the prompt "Software warranty disclaimer" --> Click Yes!

[screenshot: Recovery Console installation prompt]

<@> If you don't have the "Recovery Console", accept the offer to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we'll see the following notification window:

[screenshot: rootkit found notification]

<!> PS: Note down those detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!


Looks like the problem is solved *-*, but take a look at the reports just to be sure. I clicked here and now C: and D: are opening normally.

If that's all I need to do, can I delete these 2 programs, ComboFix and HijackThis, or is it good to keep them in case I catch another virus? Cheers, thanks a lot

Here are the 2 reports:

 

ComboFix:

 

ComboFix 09-11-22.04 - Família 22/11/2009 23:27.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.645 [GMT -2:00]

Executando de: c:\documents and settings\Família\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\opdux.exe

c:\windows\system32\drivers\etc\lmhosts

D:\Autorun.inf

D:\opdux.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_AVPsys

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-23 to 2009-11-23 ))))))))))))))))))))))))))))

.

 

2009-11-22 23:44 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-22 23:44 . 2009-11-22 23:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-22 23:42 . 2009-11-22 23:44 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-22 23:42 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-22 23:05 . 2009-11-23 00:11 -------- d-----w- C:\Hijack

2009-11-20 23:24 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-11-20 16:26 . 2009-11-20 16:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2009-11-20 16:26 . 2009-11-20 16:27 -------- d-----w- c:\arquivos de programas\Free Download Manager

2009-11-20 16:04 . 2009-11-20 16:04 -------- d-----w- c:\arquivos de programas\Tag Support Plugin for Media Player

2009-11-20 01:58 . 2009-11-20 20:20 -------- d-----w- c:\arquivos de programas\Star Downloader

2009-11-19 17:36 . 2009-11-19 17:36 -------- d-----w- c:\arquivos de programas\NCH Software

2009-11-19 17:35 . 2009-11-19 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2009-11-19 17:34 . 2009-11-19 17:34 -------- d-----w- c:\arquivos de programas\NCH Swift Sound

2009-11-19 17:15 . 2009-11-19 17:15 -------- d-----w- c:\arquivos de programas\Trader's Little Helper

2009-11-19 17:14 . 2006-10-26 21:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-11-19 17:07 . 2009-11-19 17:07 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-19 17:06 . 2009-11-19 17:06 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-19 17:01 . 2009-11-19 17:06 -------- d-----w- c:\windows\SHELLNEW

2009-11-19 17:01 . 2009-11-21 05:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-19 16:59 . 2009-11-19 16:59 -------- d-----r- C:\MSOCache

2009-11-19 14:25 . 2009-11-19 14:28 -------- d-----w- c:\arquivos de programas\ICQ6.5

2009-11-19 02:47 . 2009-11-19 02:48 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2009-11-19 00:48 . 2009-11-23 00:51 -------- d-----w- c:\arquivos de programas\mIRC

2009-11-17 15:17 . 2009-11-17 15:17 -------- d-----w- c:\arquivos de programas\Megaupload

2009-11-16 20:24 . 2009-11-16 20:24 397328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2009-11-16 20:24 . 2009-11-16 20:24 17936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2009-11-16 20:24 . 2009-11-16 20:24 109072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2009-11-16 20:24 . 2009-11-16 20:24 315408 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2009-11-16 19:59 . 2009-11-16 19:59 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-16 19:55 . 2009-11-16 19:55 -------- d-----w- c:\documents and settings\Administrador\IETldCache

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-----w- c:\documents and settings\Administrador\Configurações locais

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-s---w- c:\documents and settings\Administrador

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-----w- c:\documents and settings\Administrador\Modelos

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos

2009-11-16 03:43 . 2009-11-16 19:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-11-16 03:43 . 2009-11-16 03:44 -------- d-----w- c:\arquivos de programas\Macromedia

2009-11-16 03:42 . 2009-11-16 03:42 -------- d-----w- c:\windows\Downloaded Installations

2009-11-16 03:16 . 2009-11-19 02:38 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-11-07 16:59 . 2009-11-18 21:48 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-06 03:30 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2009-11-06 03:30 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-11-06 03:30 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-11-06 03:30 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2009-11-06 03:29 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys

2009-11-06 03:29 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2009-11-06 03:29 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-11-06 03:29 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys

2009-11-06 03:29 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-11-06 03:29 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2009-11-06 03:29 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-11-06 03:29 . 2008-04-14 02:20 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-11-06 03:29 . 2008-04-14 02:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-11-06 03:22 . 2004-08-09 19:43 94208 ----a-w- c:\windows\amcap.exe

2009-11-06 03:22 . 2005-12-14 00:54 294912 ----a-w- c:\windows\tsnpstd3.exe

2009-11-06 03:22 . 2005-09-05 17:55 339968 ----a-w- c:\windows\vsnpstd3.exe

2009-11-06 03:22 . 2005-09-16 13:13 8701824 ----a-w- c:\windows\system32\drivers\snpstd3.sys

2009-11-06 03:22 . 2009-11-06 03:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd3

2009-11-06 03:22 . 2005-09-12 19:48 61440 ----a-w- c:\windows\system32\rsnpstd3.dll

2009-11-06 03:22 . 2005-09-12 19:45 53248 ----a-w- c:\windows\system32\vsnpstd3.dll

2009-11-06 03:22 . 2004-12-08 20:40 20480 ----a-w- c:\windows\usnpstd3.exe

2009-11-06 03:22 . 2004-02-16 15:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll

2009-11-06 03:05 . 2009-11-06 03:05 -------- d-----w- c:\arquivos de programas\Microsoft CAPICOM 2.1.0.2

2009-11-06 03:05 . 2009-11-06 03:05 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-06 02:27 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-11-06 02:27 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll

2009-11-05 20:47 . 2009-11-19 16:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-11-05 14:32 . 2009-11-05 14:32 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-05 14:26 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-05 14:26 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-11-05 14:25 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-05 14:19 . 2009-11-05 14:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-11-05 12:50 . 2003-12-11 13:15 82432 ----a-r- c:\windows\system32\MSXML4r.dll

2009-11-05 12:50 . 2003-12-11 13:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll

2009-11-05 12:50 . 2003-12-11 13:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll

2009-11-05 12:50 . 2003-12-11 13:15 44544 ----a-r- c:\windows\system32\MSXML4a.dll

2009-11-05 12:50 . 2003-12-11 13:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll

2009-11-05 12:49 . 2009-11-05 12:50 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-11-05 12:45 . 2009-11-05 12:59 -------- d-----w- c:\arquivos de programas\HP

2009-11-05 12:41 . 2009-11-05 14:07 -------- d-----w- C:\drives HP

2009-11-05 07:38 . 2009-11-05 07:38 932368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2009-11-05 07:38 . 2009-11-05 07:38 678416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2009-11-05 07:38 . 2009-11-05 07:38 604688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2009-11-05 07:38 . 2009-11-05 07:38 1096208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2009-11-05 07:38 . 2009-11-05 07:38 522768 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2009-11-05 07:28 . 2009-11-05 07:28 9586 ----a-w- C:\KASPERSKYTRIAL.REG

2009-11-05 07:26 . 2009-11-05 07:26 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-11-05 07:26 . 2009-11-05 07:26 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-11-05 07:25 . 2009-11-23 01:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-11-05 07:25 . 2009-11-05 07:25 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2009-11-05 07:24 . 2009-11-05 07:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-11-05 06:49 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-05 06:49 . 2009-11-05 06:49 -------- d-----w- c:\windows\ie8updates

2009-11-05 06:48 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-05 06:48 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-05 06:48 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-05 06:48 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-05 06:48 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-05 06:48 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-05 06:48 . 2009-11-05 06:48 -------- dc-h--w- c:\windows\ie8

2009-11-05 06:37 . 2009-11-05 06:37 -------- d--h--w- c:\windows\PIF

2009-11-05 06:34 . 2009-11-05 06:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-05 06:30 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-11-05 06:30 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-11-05 06:30 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-11-05 06:30 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-11-05 06:30 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-11-05 06:22 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-11-05 06:20 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-11-05 06:16 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-11-05 06:11 . 2009-11-05 06:51 -------- d-----w- c:\windows\system32\pt-br

2009-11-05 06:11 . 2009-11-05 06:11 -------- d-----w- c:\windows\system32\bits

2009-11-05 06:11 . 2009-11-05 06:11 -------- d-----w- c:\windows\l2schemas

2009-11-05 06:09 . 2009-11-05 06:11 -------- d-----w- c:\windows\ServicePackFiles

2009-11-05 06:07 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-11-05 06:07 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-11-05 06:07 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-11-05 06:07 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-11-05 06:07 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-11-05 06:07 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-11-05 06:07 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-11-05 06:07 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-11-05 06:02 . 2004-08-04 02:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-05 06:56 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat

2009-11-05 06:56 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat

2009-11-05 05:02 . 2009-11-07 16:58 251774 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

2009-11-05 03:34 . 2009-11-05 02:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-05 02:47 . 2009-11-05 02:47 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-05 02:46 . 2009-11-05 02:46 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-05 02:45 . 2009-11-05 02:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-05 02:45 . 2009-11-05 02:45 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-20 22:34 . 2009-10-20 22:34 219664 ----a-w- c:\windows\system32\klogon.dll

2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe

2009-10-14 23:18 . 2009-10-14 23:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-10-02 21:39 . 2009-10-02 21:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-09-25 05:36 . 2009-09-25 05:36 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-14 16:42 . 2009-09-14 16:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys

2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-09 21:01 . 2009-09-09 21:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat

2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-01 17:29 . 2009-09-01 17:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

2009-08-29 07:57 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 172032]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 49152]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-14 294912]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avp"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 14:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472]

R3 slnt;Kaiomy KM8139D 10/100Mbps PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [5/11/2009 03:06 17972]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com.br/

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {96E2C50D-8D25-40CB-8EF6-7F9C72BD8B11} = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\documents and settings\Família\Dados de aplicativos\Mozilla\Firefox\Profiles\d9ovulnb.default\

FF - prefs.js: browser.startup.homepage - hxxp://orkut.com

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-22 23:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3080)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-22 23:38 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-23 01:38

 

Pré-execução: 7 pasta(s) 17.833.406.464 bytes disponíveis

Pós execução: 10 pasta(s) 17.902.247.936 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=signature(2d3b2d3b)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

signature(2d3b2d3b)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 7092D40E33DEA0F586C07676F6B1A4C5

 

Updated HiJack log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:39:09, on 22/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ComboFix\CF27511.cfxxe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\regedit.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avp] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257397943328

O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2C50D-8D25-40CB-8EF6-7F9C72BD8B11}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

 

--

End of file - 6847 bytes


Good evening! felipeintheend

 

If that's really all I have to do, can I already delete these 2 programs? ComboFix and Hijack, or is it good to keep them in case I catch another virus? Cheers, thanks a lot

<!> Keep only HijackThis; ComboFix and Malwarebytes will be removed.

<><><><><><><><><><><>

<@> To uninstall Malwarebytes, double-click the highlighted file.

<@> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

<@> Restart the computer after it finishes!

<><><><><><><><><><><>

<@> Select and copy all the content in the Quote area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x1)

<@> PS: It is recommended that you be disconnected from the network when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 


 

<@> Accept the prompt that should appear in order to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

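The CFScript above undoes two things the ComboFix report showed switched off: Windows Security Center monitoring ("DisableMonitoring"=1 on the root Monitoring key and on the installed Kaspersky product, plus two stale Symantec product keys that are simply deleted) and the XP firewall's standard profile ("EnableFirewall"=0). The Python below is an added example, not part of this thread, of ComboFix or of any helper's toolkit: it parses those registry lines in the form ComboFix prints them, flags each weak setting, and renders the matching Registry:: block in the same line forms the script uses. The sample report text and the set of installed products (only Kaspersky, since that is the product the HijackThis log shows as a running service) are constructed for the example.

```python
import re

# Constructed sample in the shape ComboFix prints its registry loading points;
# the entries mirror the ones the report in this thread showed.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')
# ComboFix prints the firewall flag as '"Name"= 0 (0x0)', not in regedit dword syntax.
FLAG_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')

# Product whose Security Center entry must be kept because it is still installed
# (assumption for the example: Kaspersky is the only AV the HijackThis log shows).
INSTALLED_PRODUCTS = frozenset({"kasperskyantivirus"})


def parse_registry_dump(text):
    """Return {key_path: {value_name: int}} for the numeric values in the dump.
    String values (Run entries, authorized applications) are skipped."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
            continue
        if current is None:
            continue
        dword = DWORD_RE.match(line)
        if dword:
            result[current][dword.group(1)] = int(dword.group(2), 16)
            continue
        flag = FLAG_RE.match(line)
        if flag:
            result[current][flag.group(1)] = int(flag.group(2))
    return result


def audit(reg, installed=INSTALLED_PRODUCTS):
    """Flag Security Center monitoring turned off and the XP firewall disabled.
    Returns a list of (key, value_name, current_value, action) tuples."""
    findings = []
    for key, values in reg.items():
        lower = key.lower()
        if "\\security center\\monitoring" in lower:
            if values.get("DisableMonitoring") != 1:
                continue
            tail = lower.rsplit("\\", 1)[1]
            if tail == "monitoring" or tail in installed:
                # Monitoring is wanted here: switch it back on.
                findings.append((key, "DisableMonitoring", 1, "set to dword:00000000"))
            else:
                # Leftover entry for a product that is no longer installed.
                findings.append((key, "DisableMonitoring", 1, "delete stale product key"))
        elif lower.endswith("\\firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == 0:
                findings.append((key, "EnableFirewall", 0, "set to 1"))
    return findings


def render_cfscript(findings):
    """Build the Registry:: block of a CFScript that undoes each finding."""
    lines = ["Registry::"]
    for key, name, _current, action in findings:
        if action.startswith("delete"):
            lines.append(f"[-{key}]")          # leading '-' deletes the whole key
        elif name == "DisableMonitoring":
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=dword:00000000')
        else:
            lines.append(f"[{key}]")
            lines.append(f'"{name}"= 1 (0x1)')
    return "\n".join(lines)


if __name__ == "__main__":
    found = audit(parse_registry_dump(SAMPLE_REPORT))
    for key, name, current, action in found:
        print(f"{key}\n    {name} = {current} -> {action}")
    print()
    print(render_cfscript(found))
```

Run it against the "Pontos de Carregamento do Registro" section of a real ComboFix.txt by swapping SAMPLE_REPORT for the file contents; anything else in the report is ignored because only bracketed keys and numeric values are parsed. The decision of which product keys to keep is deliberately a parameter, since the same DisableMonitoring=1 means "restore" for an installed product and "delete" for a leftover one.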

As soon as I can uninstall ComboFix, let me know :)

 

Many thanks!

 

Right, here are the updated logs:

 

Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:44:53, on 23/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Hijack\HiJackThis.exe

C:\WINDOWS\system32\wscntfy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avp] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257397943328

O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2C50D-8D25-40CB-8EF6-7F9C72BD8B11}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

 

--

End of file - 6697 bytes

 

ComboFix:

ComboFix 09-11-22.04 - Família 23/11/2009 2:27.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.709 [GMT -2:00]

Executando de: c:\documents and settings\Família\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Família\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-23 to 2009-11-23 ))))))))))))))))))))))))))))

.

 

2009-11-22 23:44 . 2009-11-22 23:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-22 23:05 . 2009-11-23 01:39 -------- d-----w- C:\Hijack

2009-11-20 23:24 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-11-20 16:26 . 2009-11-20 16:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2009-11-20 16:26 . 2009-11-20 16:27 -------- d-----w- c:\arquivos de programas\Free Download Manager

2009-11-20 16:04 . 2009-11-20 16:04 -------- d-----w- c:\arquivos de programas\Tag Support Plugin for Media Player

2009-11-20 01:58 . 2009-11-20 20:20 -------- d-----w- c:\arquivos de programas\Star Downloader

2009-11-19 17:36 . 2009-11-19 17:36 -------- d-----w- c:\arquivos de programas\NCH Software

2009-11-19 17:35 . 2009-11-19 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2009-11-19 17:34 . 2009-11-19 17:34 -------- d-----w- c:\arquivos de programas\NCH Swift Sound

2009-11-19 17:15 . 2009-11-19 17:15 -------- d-----w- c:\arquivos de programas\Trader's Little Helper

2009-11-19 17:14 . 2006-10-26 21:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-11-19 17:07 . 2009-11-19 17:07 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-19 17:06 . 2009-11-19 17:06 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-19 17:01 . 2009-11-19 17:06 -------- d-----w- c:\windows\SHELLNEW

2009-11-19 17:01 . 2009-11-21 05:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-19 16:59 . 2009-11-19 16:59 -------- d-----r- C:\MSOCache

2009-11-19 14:25 . 2009-11-19 14:28 -------- d-----w- c:\arquivos de programas\ICQ6.5

2009-11-19 02:47 . 2009-11-19 02:48 -------- d-----w- c:\arquivos de programas\XP Codec Pack

2009-11-19 00:48 . 2009-11-23 01:47 -------- d-----w- c:\arquivos de programas\mIRC

2009-11-17 15:17 . 2009-11-17 15:17 -------- d-----w- c:\arquivos de programas\Megaupload

2009-11-16 20:24 . 2009-11-16 20:24 397328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2009-11-16 20:24 . 2009-11-16 20:24 17936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2009-11-16 20:24 . 2009-11-16 20:24 109072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2009-11-16 20:24 . 2009-11-16 20:24 315408 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2009-11-16 19:59 . 2009-11-16 19:59 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-16 19:55 . 2009-11-16 19:55 -------- d-----w- c:\documents and settings\Administrador\IETldCache

2009-11-16 19:55 . 2009-11-23 04:35 -------- d-----w- c:\documents and settings\Administrador\Configurações locais

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-s---w- c:\documents and settings\Administrador

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-----w- c:\documents and settings\Administrador\Modelos

2009-11-16 19:55 . 2009-11-16 19:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos

2009-11-16 03:43 . 2009-11-16 19:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-11-16 03:43 . 2009-11-16 03:44 -------- d-----w- c:\arquivos de programas\Macromedia

2009-11-16 03:42 . 2009-11-16 03:42 -------- d-----w- c:\windows\Downloaded Installations

2009-11-16 03:16 . 2009-11-19 02:38 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-11-07 16:59 . 2009-11-18 21:48 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-06 03:30 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2009-11-06 03:30 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-11-06 03:30 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys

2009-11-06 03:30 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2009-11-06 03:29 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys

2009-11-06 03:29 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-11-06 03:29 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2009-11-06 03:29 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-11-06 03:29 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys

2009-11-06 03:29 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-11-06 03:29 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2009-11-06 03:29 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-11-06 03:29 . 2008-04-14 02:20 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-11-06 03:29 . 2008-04-14 02:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-11-06 03:22 . 2004-08-09 19:43 94208 ----a-w- c:\windows\amcap.exe

2009-11-06 03:22 . 2005-12-14 00:54 294912 ----a-w- c:\windows\tsnpstd3.exe

2009-11-06 03:22 . 2005-09-05 17:55 339968 ----a-w- c:\windows\vsnpstd3.exe

2009-11-06 03:22 . 2005-09-16 13:13 8701824 ----a-w- c:\windows\system32\drivers\snpstd3.sys

2009-11-06 03:22 . 2009-11-06 03:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\snpstd3

2009-11-06 03:22 . 2005-09-12 19:48 61440 ----a-w- c:\windows\system32\rsnpstd3.dll

2009-11-06 03:22 . 2005-09-12 19:45 53248 ----a-w- c:\windows\system32\vsnpstd3.dll

2009-11-06 03:22 . 2004-12-08 20:40 20480 ----a-w- c:\windows\usnpstd3.exe

2009-11-06 03:22 . 2004-02-16 15:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll

2009-11-06 03:05 . 2009-11-06 03:05 -------- d-----w- c:\arquivos de programas\Microsoft CAPICOM 2.1.0.2

2009-11-06 03:05 . 2009-11-06 03:05 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-06 02:27 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-11-06 02:27 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll

2009-11-05 20:47 . 2009-11-19 16:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-11-05 14:32 . 2009-11-05 14:32 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-05 14:26 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-05 14:26 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-11-05 14:25 . 2009-11-05 14:26 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-05 14:19 . 2009-11-05 14:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-11-05 12:50 . 2003-12-11 13:15 82432 ----a-r- c:\windows\system32\MSXML4r.dll

2009-11-05 12:50 . 2003-12-11 13:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll

2009-11-05 12:50 . 2003-12-11 13:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll

2009-11-05 12:50 . 2003-12-11 13:15 44544 ----a-r- c:\windows\system32\MSXML4a.dll

2009-11-05 12:50 . 2003-12-11 13:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll

2009-11-05 12:49 . 2009-11-05 12:50 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-11-05 12:45 . 2009-11-05 12:59 -------- d-----w- c:\arquivos de programas\HP

2009-11-05 12:41 . 2009-11-05 14:07 -------- d-----w- C:\drives HP

2009-11-05 07:38 . 2009-11-05 07:38 932368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2009-11-05 07:38 . 2009-11-05 07:38 678416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2009-11-05 07:38 . 2009-11-05 07:38 604688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2009-11-05 07:38 . 2009-11-05 07:38 1096208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2009-11-05 07:38 . 2009-11-05 07:38 522768 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2009-11-05 07:28 . 2009-11-05 07:28 9586 ----a-w- C:\KASPERSKYTRIAL.REG

2009-11-05 07:26 . 2009-11-05 07:26 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-11-05 07:26 . 2009-11-05 07:26 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2009-11-05 07:25 . 2009-11-23 04:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-11-05 07:25 . 2009-11-05 07:25 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2009-11-05 07:24 . 2009-11-05 07:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-11-05 06:49 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-11-05 06:49 . 2009-11-05 06:49 -------- d-----w- c:\windows\ie8updates

2009-11-05 06:48 . 2009-08-29 07:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-11-05 06:48 . 2009-08-29 07:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-11-05 06:48 . 2009-08-29 07:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-11-05 06:48 . 2009-08-29 07:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-11-05 06:48 . 2009-08-29 07:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-11-05 06:48 . 2009-08-29 07:57 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-11-05 06:48 . 2009-11-05 06:48 -------- dc-h--w- c:\windows\ie8

2009-11-05 06:37 . 2009-11-05 06:37 -------- d--h--w- c:\windows\PIF

2009-11-05 06:34 . 2009-11-05 06:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-05 06:30 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-11-05 06:30 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-11-05 06:30 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-11-05 06:30 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-11-05 06:30 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-11-05 06:22 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-11-05 06:20 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-11-05 06:16 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-11-05 06:11 . 2009-11-05 06:51 -------- d-----w- c:\windows\system32\pt-br

2009-11-05 06:11 . 2009-11-05 06:11 -------- d-----w- c:\windows\system32\bits

2009-11-05 06:11 . 2009-11-05 06:11 -------- d-----w- c:\windows\l2schemas

2009-11-05 06:09 . 2009-11-05 06:11 -------- d-----w- c:\windows\ServicePackFiles

2009-11-05 06:07 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-11-05 06:07 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-11-05 06:07 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2009-11-05 06:07 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-11-05 06:07 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-11-05 06:07 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-11-05 06:07 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-11-05 06:07 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-11-05 06:02 . 2004-08-04 02:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys

2009-11-05 05:50 . 2009-11-05 05:50 0 ----a-w- c:\windows\nsreg.dat

2009-11-05 05:49 . 2009-11-16 23:43 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2009-11-05 05:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-05 06:56 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat

2009-11-05 06:56 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat

2009-11-05 03:34 . 2009-11-05 02:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-05 02:47 . 2009-11-05 02:47 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-11-05 02:46 . 2009-11-05 02:46 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-11-05 02:45 . 2009-11-05 02:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-11-05 02:45 . 2009-11-05 02:45 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-10-20 22:34 . 2009-10-20 22:34 219664 ----a-w- c:\windows\system32\klogon.dll

2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe

2009-10-14 23:18 . 2009-10-14 23:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-10-02 21:39 . 2009-10-02 21:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-09-25 05:36 . 2009-09-25 05:36 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-14 16:42 . 2009-09-14 16:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys

2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-09 21:01 . 2009-09-09 21:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat

2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-01 17:29 . 2009-09-01 17:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

2009-08-29 07:57 . 2004-08-04 03:45 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 172032]

"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-13 49152]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-14 294912]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"avp"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 14:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 19:39 19472]

R3 slnt;Kaiomy KM8139D 10/100Mbps PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [5/11/2009 03:06 17972]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com.br/

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Família\Dados de aplicativos\Mozilla\Firefox\Profiles\d9ovulnb.default\

FF - prefs.js: browser.startup.homepage - hxxp://orkut.com

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-23 02:39

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1368)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-23 02:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-23 04:42

ComboFix2.txt 2009-11-23 01:38

 

Pré-execução: 8 pasta(s) 18.306.428.928 bytes disponíveis

Pós execução: 10 pasta(s) 18.288.513.024 bytes disponíveis

 

- - End Of File - - A121D9A5B6241599531B73D3AF7096BE


Good morning, felipeintheend!

As soon as I can uninstall ComboFix, you let me know

<!> Right now, it will be done!

<><><><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

< cfunins.jpg >

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message will appear: "ComboFix has been uninstalled" --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> PS: Removing ComboFix by command is also possible:

<@> Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\combofix" /uninstaller

<@> Click OK.

<><><><><><><><><><><><>

<!> Your logs are clean!

<!> Everything OK?

Cheers!


Removal by command is better! The other way, it was stuck in AutoScan, so I closed it and removed it by command hehe

Well, I think the problem is solved, thanks man! You helped a lot, great forum, congratulations to all of you, especially you.

I'll always recommend this place if a friend has problems too, etc...

Cheers, thanks

PS: should I uninstall HijackThis too?

ANSWER: Keep the program, as it may be useful in the future!


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
