Virus removal

My log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:13, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Lexmark 4200 Series\lxbmbmgr.exe
C:\Arquivos de programas\Lexmark 4200 Series\lxbmbmon.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\ASUS\AI Suite\AiNap\AiNap.exe
C:\Arquivos de programas\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\spm\spmdib.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Safari\Safari.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Arquivos de programas\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Arquivos de programas\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ai Nap] "C:\Arquivos de programas\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Arquivos de programas\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Arquivos de programas\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226881321250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe

--
End of file - 8422 bytes
 
Mr Wolf, there's really no way around it; I reinstalled with everything disabled.
Now the icons have appeared, but in the Security Center the Firewall shows as disabled, and under the option to show installed firewall programs it lists McAfee Personal Firewall disabled
and Windows Firewall disabled; Comodo Firewall doesn't show up there any more, but it is installed.
 
Hello Mr Wolf, I did what you asked,
and here are the two logs

ComboFix 08-12-16.03 - cliente 2008-12-17 14:09:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1535.1105 [GMT -2:00]
Executando de: c:\documents and settings\cliente\Desktop\Nova pasta\ComboFix.exe
Comandos utilizados :: c:\documents and settings\cliente\Desktop\Nova pasta\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
c:\windows\system32\PLUG.SYS
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-17 to 2008-12-17 ))))))))))))))))))))))))))))
.

2008-12-17 12:40 . 2008-12-17 12:40 <DIR> d-------- c:\windows\LastGood
2008-12-17 02:10 . 2008-12-17 02:10 <DIR> d-------- c:\arquivos de programas\MSXML 4.0
2008-12-17 02:06 . 2008-08-14 11:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 02:06 . 2008-08-14 11:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 02:06 . 2008-08-14 11:45 2,061,952 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 02:06 . 2008-08-14 11:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 02:03 . 2008-10-24 09:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-16 21:28 . 2008-12-16 21:28 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2
2008-12-16 21:28 . 2004-08-04 01:45 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-16 21:28 . 2008-12-17 02:52 1,393 --a------ c:\windows\imsins.BAK
2008-12-16 02:10 . 2008-12-16 02:10 <DIR> d-------- c:\windows\XileROPatch
2008-12-15 17:00 . 2008-12-16 21:39 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\Tibia
2008-12-15 17:00 . 2008-12-15 17:00 <DIR> d-------- c:\arquivos de programas\Tibia 8.31
2008-12-15 15:50 . 2008-12-16 13:28 <DIR> d-------- c:\arquivos de programas\Gravity
2008-12-15 15:50 . 2008-12-15 15:50 65,536 --a------ c:\windows\IFinst27.exe
2008-12-15 14:34 . 2008-12-15 14:34 94,208 --a------ c:\windows\DIIUnin.exe
2008-12-15 14:34 . 2008-12-15 14:39 22,106 --a------ c:\windows\DIIUnin.dat
2008-12-15 14:34 . 2008-12-15 14:34 2,829 --a------ c:\windows\DIIUnin.pif
2008-12-14 23:12 . 2008-12-14 23:12 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-14 16:16 . 2008-12-14 16:16 24 --ahs---- c:\windows\S2A2EC7F9.tmp
2008-12-14 16:15 . 2008-12-14 16:18 <DIR> d-------- c:\arquivos de programas\SlySoft
2008-12-14 15:59 . 2008-12-14 15:59 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2008-12-14 15:57 . 2008-12-15 14:36 21,840 --a----t- c:\windows\system32\SIntfNT.dll
2008-12-14 15:57 . 2008-12-15 14:36 17,212 --a----t- c:\windows\system32\SIntf32.dll
2008-12-14 15:57 . 2008-12-15 14:36 12,067 --a----t- c:\windows\system32\SIntf16.dll
2008-12-10 01:32 . 2008-12-12 21:39 <DIR> d-------- c:\arquivos de programas\AV Vcs 4.0 DIAMOND
2008-12-10 01:24 . 2008-12-10 01:24 <DIR> d-------- c:\arquivos de programas\Personal Voice Changer Driver
2008-12-10 01:23 . 2008-12-10 01:25 <DIR> d-------- c:\arquivos de programas\Fake Voice
2008-12-10 01:23 . 2004-03-09 00:00 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2008-12-10 01:11 . 2008-12-10 01:11 <DIR> d-------- c:\arquivos de programas\CoolSMS
2008-12-10 01:07 . 2008-12-10 01:07 <DIR> d-------- c:\windows\system32\EXP
2008-12-09 18:36 . 2008-12-09 18:36 <DIR> d-------- c:\arquivos de programas\VirtualDJ
2008-12-08 11:50 . 2008-12-08 11:50 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\Uniblue
2008-12-02 10:37 . 2008-12-04 18:14 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\sqlitestudio
2008-11-30 02:26 . 2008-11-30 11:54 <DIR> d-------- c:\arquivos de programas\ElfBot NG
2008-11-28 16:36 . 2008-11-28 16:40 <DIR> d-------- c:\documents and settings\cliente\Dados de aplicativos\Ventrilo
2008-11-28 16:35 . 2008-11-28 16:36 <DIR> d-------- c:\arquivos de programas\Ventrilo
2008-11-28 16:35 . 2008-11-28 16:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-11-20 13:22 . 2004-08-04 01:45 219,648 --a------ c:\windows\system32\uxtheme.backup
2008-11-18 20:44 . 2008-11-18 20:44 <DIR> d-------- c:\arquivos de programas\Esquadrimetal
2008-11-17 14:58 . 2008-11-17 14:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NOS

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 14:37 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\Orbit
2008-12-17 03:14 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2008-12-15 18:06 --------- d-----w c:\arquivos de programas\Asprate
2008-12-15 16:09 --------- d-----w c:\arquivos de programas\Warcraft III
2008-12-15 03:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-12-14 03:21 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\FrostWire
2008-12-09 20:19 --------- d-----w c:\arquivos de programas\Phun
2008-12-08 20:33 --------- d-----w c:\arquivos de programas\TibiaBot NG 8.31
2008-12-06 21:20 2,434,158 ----a-w c:\arquivos de programas\Remere's Map Editor.rar
2008-12-05 02:19 --------- d-----w c:\arquivos de programas\Remere's Map Editor
2008-11-22 21:22 --------- d-----w c:\arquivos de programas\GameVicio
2008-11-20 15:22 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-11-18 22:44 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-17 17:00 --------- d-----w c:\arquivos de programas\Google
2008-11-16 13:39 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-11-09 18:22 --------- d-----w c:\arquivos de programas\SystemRequirementsLab
2008-11-08 16:14 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\CyberLink
2008-11-06 15:11 --------- d-----w c:\documents and settings\cliente\Dados de aplicativos\VariCAD-Viewer.en
2008-11-06 15:10 --------- d-----w c:\arquivos de programas\VariCADViewer
2008-11-03 20:31 --------- d-----w c:\arquivos de programas\Garena
2008-10-28 19:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NexonUS
2008-10-27 12:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 12:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 12:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 12:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-26 13:40 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-10-24 19:09 --------- d-----w c:\arquivos de programas\No-IP
2008-10-24 18:55 --------- d-----w c:\arquivos de programas\IGC
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 06:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 06:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 06:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-04 07:07 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
2008-10-03 10:16 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 18:41 91,656 ----a-w c:\windows\system32\msxml4r.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 68856]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-10 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-04 13:01 486856 c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]
--------- 2005-07-25 15:41 1329152 c:\arquivos de programas\iGv6\Discador iG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 18:34 4347120 c:\arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 23:46 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 23:46 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
--a------ 2008-08-03 11:38 61440 c:\arquivos de programas\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 23:46 1630208 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7171:TCP"= 7171:TCP:Tibia

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-11 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-11 20560]
R3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S1 Kel - Kiler Plung ...;Driver;\??\c:\windows\system32\PLUG.SYS []
S3 DAEDriver54;DAEDriver54; []
S3 getPlus(R) Helper;getPlus(R) Helper; []
S3 XDva190;XDva190; []
S3 XDva195;XDva195; []
S3 XDva205;XDva205; []
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://farejador.ig.com.br/query.cgi?utf8&query={searchTerms}
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7296DB95-F4EE-4D38-8465-5D3DCF50D247} = 200.204.0.10 200.204.0.138

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 14:11:36
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-12-17 14:12:37
ComboFix-quarantined-files.txt 2008-12-17 16:12:01
ComboFix2.txt 2008-12-17 03:27:26

Pré-execução: 14 pasta(s) 11.388.547.072 bytes disponíveis
Pós execução: 14 pasta(s) 11,385,319,424 bytes disponíveis

201 --- E O F --- 2008-12-17 04:52:56





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:54, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\cliente\Desktop\Nova pasta\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7296DB95-F4EE-4D38-8465-5D3DCF50D247}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7987 bytes
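Added here as an illustration, not code from the thread or from HijackThis/ComboFix themselves: a small Python triage script that reads log lines in the two formats posted above and flags the entries a helper looks at first (orphaned BHO/URLSearchHook entries, services without publisher info, drivers registered with no file on disk such as PLUG.SYS, Run values marked [X], and the firewall policy set to 0). The sample lines are constructed from the logs above; the rule names are my own.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    source: str  # "hijackthis" or "combofix"
    rule: str    # short reason the line was flagged
    line: str    # the log line itself


# HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
HJT_ENTRY = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
# ComboFix driver/service line: "<start type> name;display;path [date size]"
CF_DRIVER = re.compile(r"^([RS][0-4])\s+(.+?);(.*?);(.*?)\s*\[(.*)\]\s*$")
# ComboFix dump of the firewall policy value
CF_FIREWALL = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')

# Constructed sample input, shaped after the HijackThis log posted in this thread
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
"""

# Constructed sample input, shaped after the ComboFix log posted in this thread
SAMPLE_CF = r"""
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-11 111184]
S1 Kel - Kiler Plung ...;Driver;\??\c:\windows\system32\PLUG.SYS []
S3 XDva190;XDva190; []
"""


def triage_hijackthis(text: str) -> list[Finding]:
    """Flag HijackThis entries that point at nothing or at an unidentified binary."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(no file)"):
            # The registry still references a BHO/hook whose DLL is gone: a leftover
            # from an uninstall or an earlier cleanup, safe to fix in HijackThis.
            findings.append(Finding("hijackthis", "orphaned entry, file missing", line))
        elif section == "O23" and " - Unknown owner - " in body:
            # Service binary carries no company/version info; verify the vendor by hand.
            findings.append(Finding("hijackthis", "service with no publisher info", line))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    """Flag ComboFix lines a helper checks first: dead drivers, missing Run targets, firewall off."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_DRIVER.match(line)
        if m:
            _start, _name, _display, path, stamp = m.groups()
            if stamp == "":
                # An empty [] means ComboFix found no file to date/size: the driver is
                # registered (S1 = boot-start) but its image is not on disk.
                rule = "driver registered but file absent" if path else "driver entry with no image path"
                findings.append(Finding("combofix", rule, line))
            continue
        m = CF_FIREWALL.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(Finding("combofix", "Windows Firewall disabled in standard profile", line))
            continue
        if line.endswith("[X]"):
            # ComboFix prints [X] when a Run value's target does not exist
            findings.append(Finding("combofix", "Run entry whose target is missing", line))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings one per line for pasting back into a reply."""
    return "\n".join(f"[{f.source}] {f.rule}: {f.line}" for f in findings)


if __name__ == "__main__":
    print(report(triage_hijackthis(SAMPLE_HJT) + triage_combofix(SAMPLE_CF)))
```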
 
julianossc, follow the procedure inside the spoiler below.

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the Portuguese (Brazil) language;
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log, julianossc.
___________________________________________________


Scorpyon, the problem is McAfee.

Note that the Security Center shows McAfee as disabled. Actually, you should remove the McAfee firewall. But for that, you will have to remove all of its components from the Windows services.

Try stopping all the McAfee services in the Windows services list, Scorpyon, just temporarily. Stop every one of them, without exception. Then see whether the problem still occurs.


_______________________________________________


Oh, rodrigooab, good to hear.

Regards
 
marcoskiko, follow the instructions inside the spoiler below (click Show).

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs its scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click on the ComboFix window, and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply, marcoskiko.
_____________________________________________


Ferps, go to Start > Run, type or copy and paste the following command: combofix /u and press Enter. Delete the folders C:\Qoobox and C:\ComboFix (if they exist). Also delete the ComboFix.txt log.

Your log is clean, Ferps. :)
 

Here's the thing, Wolf: it went through the procedures, but at the end it didn't restart on its own. It already showed the log. I'll upload it to that link you sent me, ok, because I can't post the whole log here.
 



Wolf, here is the link with the ComboFix log. Thanks, awaiting replies.

 
marcoskiko

Select and copy the text below. Paste it into Notepad on your computer and save it on the desktop with the name CFScript.txt

File::
c:\users\All Users\sysqcl1129139270.dat
c:\programdata\sysqcl1129139270.dat
c:\windows\System32\KGyGaAvL.sys
c:\program files\desktop.ini

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If prompted, press Enter to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, marcoskiko, paste ComboFix.txt and a new HijackThis log.
 

Here is the Combo log

ComboFix 08-12-16.03 - KIKO 2008-12-17 16:07:45.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1881 [GMT -3:00]
Executando de: c:\users\KIKO\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\KIKO\Desktop\CFScript.txt.txt
* Criado um novo ponto de restauro

FILE ::
c:\program files\desktop.ini
c:\programdata\sysqcl1129139270.dat
c:\users\All Users\sysqcl1129139270.dat
c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\desktop.ini
c:\programdata\sysqcl1129139270.dat
c:\windows\System32\KGyGaAvL.sys

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-17 to 2008-12-17 ))))))))))))))))))))))))))))
.

2008-12-17 12:58 . 2008-12-17 12:58 <DIR> d-------- c:\users\All Users\Minnetonka Audio Software
2008-12-17 12:58 . 2008-12-17 12:58 <DIR> d-------- c:\programdata\Minnetonka Audio Software
2008-12-16 23:50 . 2008-12-16 23:50 <DIR> d-------- c:\users\KIKO\AppData\Roaming\Malwarebytes
2008-12-16 23:50 . 2008-12-16 23:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-16 23:50 . 2008-12-16 23:50 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-16 23:50 . 2008-12-16 23:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 23:50 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-16 23:50 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-16 16:26 . 2008-12-16 16:26 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 16:07 . 2006-09-18 18:46 219 --a------ c:\windows\system.tmp
2008-12-16 16:07 . 2006-11-02 10:04 144 --a------ c:\windows\win.tmp
2008-12-16 15:08 . 2008-12-16 15:08 79 --a------ c:\windows\wininit.ini
2008-12-16 14:49 . 2008-12-16 16:57 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-16 14:49 . 2008-12-16 16:57 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-16 14:49 . 2008-12-16 16:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-16 12:01 . 2008-12-16 12:02 290,822,309 --a------ c:\windows\MEMORY.DMP
2008-12-16 10:46 . 2008-12-16 16:56 <DIR> d-------- c:\program files\a-squared Free
2008-12-16 09:43 . 2008-12-16 09:53 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-15 20:48 . 2008-12-15 20:48 <DIR> d-------- c:\program files\plasq
2008-12-15 20:47 . 2008-12-15 20:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-10 18:17 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 16:37 . 2008-11-01 00:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 16:36 . 2008-10-31 22:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 16:35 . 2008-10-15 23:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-10 16:35 . 2008-10-16 01:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-10 16:34 . 2008-06-22 22:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-10 16:34 . 2008-06-22 22:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 16:34 . 2008-06-22 22:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-10 16:21 . 2008-10-21 02:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 16:17 . 2008-10-29 03:29 2,927,104 --a------ c:\windows\explorer.exe
2008-11-26 07:37 . 2008-10-21 02:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 07:37 . 2008-08-28 00:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 07:37 . 2008-08-28 00:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 07:37 . 2008-08-28 00:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 07:37 . 2008-10-22 00:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 10:15 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 17:45 --------- d-----w c:\users\KIKO\AppData\Roaming\Skype
2008-12-16 14:48 --------- d-----w c:\users\KIKO\AppData\Roaming\uTorrent
2008-12-11 06:05 --------- d-----w c:\program files\Windows Mail
2008-12-10 21:20 --------- d-----w c:\programdata\Microsoft Help
2008-12-03 00:43 --------- d-----w c:\program files\Java
2008-11-30 19:01 150,144 ----a-w c:\users\KIKO\AppData\Roaming\nvModes.dat
2008-11-19 19:58 --------- d-----w c:\users\KIKO\AppData\Roaming\Hewlett-Packard
2008-11-19 19:50 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-15 18:48 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2008-11-15 05:45 --------- d-----w c:\program files\Microsoft Games
2008-11-05 15:21 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-22 18:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-15 17:46 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-15 17:46 249,856 ------w c:\windows\Setup1.exe
2008-10-06 13:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-02 23:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-02 23:40 56 ---ha-w c:\programdata\ezsidmv.dat
2008-10-02 14:53 11,437,716 ----a-w c:\users\KIKO\ss-musicsamplebox2-baixandoja.blogspot.com-Mazinha.zip
2008-09-30 19:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-07-27 21:32 56 --sh--r c:\windows\System32\0D3DE806E3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-17_14.37.05.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 13:45:48 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-12-17 17:49:34 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-12-17 13:45:48 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-12-17 17:49:34 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2008-12-17 13:38:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-17 17:49:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-17 13:38:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 17:49:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-17 13:38:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-17 17:49:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-17 13:45:59 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-17 17:39:06 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-17 13:45:59 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-17 17:39:06 587,178 ----a-w c:\windows\System32\perfh009.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-23 266497]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A91C4F27-BD6C-4674-8847-A68274199BD1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5039A1E3-8AEF-4E36-8317-8BF268906F7E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{CBC7B02C-ADBF-425F-8C28-2DE9394AA87D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{E45BC0E1-52E5-4179-9A89-39C3B3927AB0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{59956796-24DF-4750-BE63-4BAB92EDEED2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EE118015-CDF3-44ED-A601-31B8D7867853}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C995725B-B848-44B7-BC3B-ECFECDE6AC44}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D5FEDE89-7A8E-406E-8D9F-5593E429CAAE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{36D05BB0-6DFE-4D96-A966-9FC9D1EA1CF7}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{6E7E1A1E-7D0F-4026-82E6-D74012DBFBC3}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{35C591D2-1493-4245-B389-07E85E897765}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{95AB6679-CFE8-4B2A-8896-72B6EFFF2688}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{43A898AD-2E92-4CAF-8F4C-5571AD02063B}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{F95C56F2-2B6E-4596-8497-D24160A17079}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{220EC833-675E-4AC3-ACDF-D72FEE3C0500}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F7F8F61C-2FE4-4046-AE0C-4E3C11089AB1}"= UDP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{3CC3E51B-36A5-4197-A74D-60BC8B8A8459}"= TCP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{896EB8E6-9EE0-4FF1-A8AA-54223509A649}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8510B759-DF75-4886-BB7A-3D972D209B28}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{13D6DE0B-94FE-4F2D-B893-D934474755C6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8866AD6F-EBF6-4296-A7B6-C91037E9D72B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0B99E929-5CAA-41F5-A569-BD5F6A70D9B2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D2A2B231-7314-44D8-BEDA-A78961D41389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{37C129B1-CFC2-4772-BDE7-9CD9BC198407}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{9D02CD28-F477-4F2A-977A-E9BE13A27FC7}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{2118A1EC-21E6-445F-9050-E81D93FEE769}c:\\program files\\valve\\hlds.exe"= UDP:c:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{B9B3D325-5398-46F5-B4E6-7860B897DE19}c:\\program files\\valve\\hlds.exe"= TCP:c:\program files\valve\hlds.exe:HLDS Launcher
"TCP Query User{A8D91BA6-0E5B-4B83-8350-8A3923493A76}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{DDB92C00-5BC5-4AF5-80BC-A5CD25BBF4A2}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{B9290134-051D-4913-BA23-99892F87CA0C}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{D6F59BF3-50BC-4A7C-913D-1B55119A627E}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"{BD855660-FA73-4D73-9F10-F902E673EBF1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{02CD1341-2C9C-4562-9C4C-022A5C0E1BEA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9A2465D6-FAEB-4629-994C-B605C56822AA}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{FA25A0F3-2E0D-40F0-A236-822469D94390}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{DAF58EC3-355C-4676-9029-5BF2DA3B6015}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{12C9390A-C094-4FBC-8B93-A3841481DFE8}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{550B51F7-6967-4976-9F0C-A4D746096ACA}c:\\program files\\dietwinclinico\\dwdbutil.exe"= UDP:c:\program files\dietwinclinico\dwdbutil.exe:BackpUp de banco de dados
"UDP Query User{27C9B30D-623C-4A86-87DC-CA2030EF44C8}c:\\program files\\dietwinclinico\\dwdbutil.exe"= TCP:c:\program files\dietwinclinico\dwdbutil.exe:BackpUp de banco de dados
"TCP Query User{E15830FC-2D54-4019-B934-99115943BC67}c:\\program files\\dietwinclinico\\clinico.exe"= UDP:c:\program files\dietwinclinico\clinico.exe:Clinico
"UDP Query User{8AA4727D-52A8-439B-9EA7-179EB45930C0}c:\\program files\\dietwinclinico\\clinico.exe"= TCP:c:\program files\dietwinclinico\clinico.exe:Clinico
"{F41A856D-96A6-4FD1-820E-1BD9049815F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C01F3017-7E8B-4B8A-BA87-BAE8ACE2852A}c:\\users\\kiko\\downloads\\skype.exe"= UDP:c:\users\kiko\downloads\skype.exe:skype.exe
"UDP Query User{F1CD4554-1BAC-4C7B-9F93-CA1677339EAC}c:\\users\\kiko\\downloads\\skype.exe"= TCP:c:\users\kiko\downloads\skype.exe:skype.exe
"TCP Query User{415C1EC0-F0B4-47A8-B2C5-E12DF1AB8D1E}c:\\program files\\valve\\hlds.exe"= UDP:c:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{A60AD441-99E5-4C04-8745-ECBDC9BC47BC}c:\\program files\\valve\\hlds.exe"= TCP:c:\program files\valve\hlds.exe:HLDS Launcher
"TCP Query User{865970E7-5E62-4A67-A173-4F28A869AB76}c:\\program files\\counter-strike\\hl.exe"= UDP:c:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{FD8CC657-3FFA-4D32-8E55-865EADDF188A}c:\\program files\\counter-strike\\hl.exe"= TCP:c:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{956970D2-6AB5-475B-B4C8-91361C7C7189}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{1629330A-C01B-48FC-8FD5-9CE4DBEE91E9}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{05FE78B6-A3A4-484E-8F3C-4243EB0681B7}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{69741506-1A51-4774-8C7F-852C2A4BD857}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{E6F57669-6578-4E88-9D82-B9E3B6CB432F}c:\\valve\\condition zero\\czero.exe"= UDP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"UDP Query User{04A71327-0961-4F7A-9CB2-124BDD015FB1}c:\\valve\\condition zero\\czero.exe"= TCP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"TCP Query User{FBDF5380-C578-4730-A826-BCAFCAF225CD}c:\\valve\\condition zero\\hltv.exe"= UDP:c:\valve\condition zero\hltv.exe:HLTV Launcher
"UDP Query User{28BFE207-5A6E-4DD1-9552-0D4E885238F3}c:\\valve\\condition zero\\hltv.exe"= TCP:c:\valve\condition zero\hltv.exe:HLTV Launcher
"TCP Query User{A9A3DE63-9C78-4BE0-B0E9-169CE1FE8828}c:\\valve\\condition zero\\czero.exe"= UDP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"UDP Query User{10B77B0B-ECA3-4D5F-9CED-62DB29DB9BC2}c:\\valve\\condition zero\\czero.exe"= TCP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"TCP Query User{22DBD5DD-C3D8-4B0C-81E3-32B599E1E748}c:\\users\\kiko\\downloads\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\users\kiko\downloads\unrealtournament\system\unrealtournament.exe:unrealtournament.exe
"UDP Query User{F7DB1665-FB92-4016-A9E7-475266104101}c:\\users\\kiko\\downloads\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\users\kiko\downloads\unrealtournament\system\unrealtournament.exe:unrealtournament.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2008-08-03 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2008-08-03 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2008-08-03 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2008-08-03 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-12-17 c:\windows\Tasks\User_Feed_Synchronization-{8F7547C4-B8EB-4306-A201-E7F13FFBF278}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 23:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 16:09:39
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-12-17 16:15:56
ComboFix-quarantined-files.txt 2008-12-17 19:15:54
ComboFix2.txt 2008-12-17 17:46:20

Pré-execução: 119.123.927.040 bytes free
Pós execução: 119,091,470,336 bytes free

261 --- E O F --- 2008-12-12 06:01:36
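As an added example, not part of the thread and not ComboFix's own code: a Python helper that cross-checks the `File::` paths of the CFScript posted above against the `FILE ::` echo and the `Outras Exclusões` section of the log above, and reports which requested deletions the log does not confirm. The script text and the log excerpt are constructed from this thread; the section header names it recognizes are an assumption based on this log.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produces.

Constructed example for this thread (not ComboFix's own code): the CFScript
`File::` block lists paths to delete; the resulting log echoes them under
`FILE ::` and reports what was actually removed under `Outras Exclusões`
(the Portuguese build's "Other Deletions" header). Comparing the two tells
the helper which requested deletions are still unconfirmed.
"""
import ntpath
import re

# Constructed from the CFScript posted in the thread.
# Note: on Vista c:\users\All Users is a junction to c:\programdata, so the
# first two entries name the same file; the log lists only one deletion for it.
CFSCRIPT = """File::
c:\\users\\All Users\\sysqcl1129139270.dat
c:\\programdata\\sysqcl1129139270.dat
c:\\windows\\System32\\KGyGaAvL.sys
c:\\program files\\desktop.ini
"""

# Constructed excerpt of the ComboFix log posted later in the thread.
COMBOFIX_LOG = """ComboFix 08-12-16.03 - KIKO 2008-12-17 16:07:45.2 - NTFSx86
Comandos utilizados :: c:\\users\\KIKO\\Desktop\\CFScript.txt.txt

FILE ::
c:\\program files\\desktop.ini
c:\\programdata\\sysqcl1129139270.dat
c:\\users\\All Users\\sysqcl1129139270.dat
c:\\windows\\System32\\KGyGaAvL.sys
.

((((((((((((( Outras Exclusões ))))))))))))))
.

c:\\program files\\desktop.ini
c:\\programdata\\sysqcl1129139270.dat
c:\\windows\\System32\\KGyGaAvL.sys

.
(((((((((((( Arquivos/Ficheiros criados de 2008-11-17 to 2008-12-17 ))))))))))
"""

# Section headers (assumed from this log and the English build) under which
# ComboFix lists the files it removed.
DELETION_HEADERS = ("other deletions", "outras exclusões", "outras exclusoes")


def normalize(path):
    """Lower-case and normalize separators so script and log paths compare equal."""
    return ntpath.normpath(path.strip()).lower()


def parse_cfscript_files(script):
    """Return the paths listed under the `File::` directive of a CFScript."""
    files, in_files = [], False
    for line in script.splitlines():
        stripped = line.strip()
        if not stripped:
            in_files = False          # a blank line ends the directive block
            continue
        if stripped.endswith("::"):   # any directive header, e.g. File:: or Folder::
            in_files = stripped.lower() == "file::"
            continue
        if in_files:
            files.append(stripped)
    return files


def parse_deleted_files(log):
    """Return the paths ComboFix reports under its deletions section."""
    deleted, in_section = [], False
    for line in log.splitlines():
        stripped = line.strip()
        header = re.fullmatch(r"\(+\s*(.+?)\s*\)+", stripped)
        if header:                    # every "((( title )))" banner starts a new section
            in_section = header.group(1).lower() in DELETION_HEADERS
            continue
        if in_section and re.match(r"^[a-z]:\\", stripped, re.IGNORECASE):
            deleted.append(stripped)
    return deleted


def check_script_against_log(script, log):
    """Map each requested path to True if the log confirms its deletion."""
    confirmed = {normalize(p) for p in parse_deleted_files(log)}
    return {p: normalize(p) in confirmed for p in parse_cfscript_files(script)}


if __name__ == "__main__":
    for path, ok in check_script_against_log(CFSCRIPT, COMBOFIX_LOG).items():
        print(("deleted      " if ok else "unconfirmed  ") + path)
```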
 
2008-11-19 19:50 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-15 18:48 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2008-11-15 05:45 --------- d-----w c:\program files\Microsoft Games
2008-11-05 15:21 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-22 18:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-15 17:46 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-15 17:46 249,856 ------w c:\windows\Setup1.exe
2008-10-06 13:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-02 23:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-02 23:40 56 ---ha-w c:\programdata\ezsidmv.dat
2008-10-02 14:53 11,437,716 ----a-w c:\users\KIKO\ss-musicsamplebox2-baixandoja.blogspot.com-Mazinha.zip
2008-09-30 19:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-07-27 21:32 56 --sh--r c:\windows\System32\0D3DE806E3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-17_14.37.05.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 13:45:48 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-12-17 17:49:34 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-12-17 13:45:48 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-12-17 17:49:34 143,360 ----a-w c:\windows\inf\infstrng.dat
- 2008-12-17 13:38:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-17 17:49:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-17 13:38:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 17:49:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-17 13:38:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-17 17:49:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-17 13:45:59 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-17 17:39:06 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-17 13:45:59 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-17 17:39:06 587,178 ----a-w c:\windows\System32\perfh009.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-23 266497]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A91C4F27-BD6C-4674-8847-A68274199BD1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5039A1E3-8AEF-4E36-8317-8BF268906F7E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{CBC7B02C-ADBF-425F-8C28-2DE9394AA87D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{E45BC0E1-52E5-4179-9A89-39C3B3927AB0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{59956796-24DF-4750-BE63-4BAB92EDEED2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EE118015-CDF3-44ED-A601-31B8D7867853}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C995725B-B848-44B7-BC3B-ECFECDE6AC44}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D5FEDE89-7A8E-406E-8D9F-5593E429CAAE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{36D05BB0-6DFE-4D96-A966-9FC9D1EA1CF7}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{6E7E1A1E-7D0F-4026-82E6-D74012DBFBC3}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{35C591D2-1493-4245-B389-07E85E897765}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{95AB6679-CFE8-4B2A-8896-72B6EFFF2688}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{43A898AD-2E92-4CAF-8F4C-5571AD02063B}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{F95C56F2-2B6E-4596-8497-D24160A17079}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{220EC833-675E-4AC3-ACDF-D72FEE3C0500}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F7F8F61C-2FE4-4046-AE0C-4E3C11089AB1}"= UDP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{3CC3E51B-36A5-4197-A74D-60BC8B8A8459}"= TCP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{896EB8E6-9EE0-4FF1-A8AA-54223509A649}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8510B759-DF75-4886-BB7A-3D972D209B28}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{13D6DE0B-94FE-4F2D-B893-D934474755C6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8866AD6F-EBF6-4296-A7B6-C91037E9D72B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0B99E929-5CAA-41F5-A569-BD5F6A70D9B2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D2A2B231-7314-44D8-BEDA-A78961D41389}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{37C129B1-CFC2-4772-BDE7-9CD9BC198407}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{9D02CD28-F477-4F2A-977A-E9BE13A27FC7}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{2118A1EC-21E6-445F-9050-E81D93FEE769}c:\\program files\\valve\\hlds.exe"= UDP:c:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{B9B3D325-5398-46F5-B4E6-7860B897DE19}c:\\program files\\valve\\hlds.exe"= TCP:c:\program files\valve\hlds.exe:HLDS Launcher
"TCP Query User{A8D91BA6-0E5B-4B83-8350-8A3923493A76}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{DDB92C00-5BC5-4AF5-80BC-A5CD25BBF4A2}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{B9290134-051D-4913-BA23-99892F87CA0C}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{D6F59BF3-50BC-4A7C-913D-1B55119A627E}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"{BD855660-FA73-4D73-9F10-F902E673EBF1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{02CD1341-2C9C-4562-9C4C-022A5C0E1BEA}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9A2465D6-FAEB-4629-994C-B605C56822AA}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{FA25A0F3-2E0D-40F0-A236-822469D94390}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{DAF58EC3-355C-4676-9029-5BF2DA3B6015}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{12C9390A-C094-4FBC-8B93-A3841481DFE8}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{550B51F7-6967-4976-9F0C-A4D746096ACA}c:\\program files\\dietwinclinico\\dwdbutil.exe"= UDP:c:\program files\dietwinclinico\dwdbutil.exe:BackpUp de banco de dados
"UDP Query User{27C9B30D-623C-4A86-87DC-CA2030EF44C8}c:\\program files\\dietwinclinico\\dwdbutil.exe"= TCP:c:\program files\dietwinclinico\dwdbutil.exe:BackpUp de banco de dados
"TCP Query User{E15830FC-2D54-4019-B934-99115943BC67}c:\\program files\\dietwinclinico\\clinico.exe"= UDP:c:\program files\dietwinclinico\clinico.exe:Clinico
"UDP Query User{8AA4727D-52A8-439B-9EA7-179EB45930C0}c:\\program files\\dietwinclinico\\clinico.exe"= TCP:c:\program files\dietwinclinico\clinico.exe:Clinico
"{F41A856D-96A6-4FD1-820E-1BD9049815F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C01F3017-7E8B-4B8A-BA87-BAE8ACE2852A}c:\\users\\kiko\\downloads\\skype.exe"= UDP:c:\users\kiko\downloads\skype.exe:skype.exe
"UDP Query User{F1CD4554-1BAC-4C7B-9F93-CA1677339EAC}c:\\users\\kiko\\downloads\\skype.exe"= TCP:c:\users\kiko\downloads\skype.exe:skype.exe
"TCP Query User{415C1EC0-F0B4-47A8-B2C5-E12DF1AB8D1E}c:\\program files\\valve\\hlds.exe"= UDP:c:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{A60AD441-99E5-4C04-8745-ECBDC9BC47BC}c:\\program files\\valve\\hlds.exe"= TCP:c:\program files\valve\hlds.exe:HLDS Launcher
"TCP Query User{865970E7-5E62-4A67-A173-4F28A869AB76}c:\\program files\\counter-strike\\hl.exe"= UDP:c:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{FD8CC657-3FFA-4D32-8E55-865EADDF188A}c:\\program files\\counter-strike\\hl.exe"= TCP:c:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{956970D2-6AB5-475B-B4C8-91361C7C7189}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{1629330A-C01B-48FC-8FD5-9CE4DBEE91E9}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{05FE78B6-A3A4-484E-8F3C-4243EB0681B7}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{69741506-1A51-4774-8C7F-852C2A4BD857}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{E6F57669-6578-4E88-9D82-B9E3B6CB432F}c:\\valve\\condition zero\\czero.exe"= UDP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"UDP Query User{04A71327-0961-4F7A-9CB2-124BDD015FB1}c:\\valve\\condition zero\\czero.exe"= TCP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"TCP Query User{FBDF5380-C578-4730-A826-BCAFCAF225CD}c:\\valve\\condition zero\\hltv.exe"= UDP:c:\valve\condition zero\hltv.exe:HLTV Launcher
"UDP Query User{28BFE207-5A6E-4DD1-9552-0D4E885238F3}c:\\valve\\condition zero\\hltv.exe"= TCP:c:\valve\condition zero\hltv.exe:HLTV Launcher
"TCP Query User{A9A3DE63-9C78-4BE0-B0E9-169CE1FE8828}c:\\valve\\condition zero\\czero.exe"= UDP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"UDP Query User{10B77B0B-ECA3-4D5F-9CED-62DB29DB9BC2}c:\\valve\\condition zero\\czero.exe"= TCP:c:\valve\condition zero\czero.exe:Condition Zero Launcher
"TCP Query User{22DBD5DD-C3D8-4B0C-81E3-32B599E1E748}c:\\users\\kiko\\downloads\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\users\kiko\downloads\unrealtournament\system\unrealtournament.exe:unrealtournament.exe
"UDP Query User{F7DB1665-FB92-4016-A9E7-475266104101}c:\\users\\kiko\\downloads\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\users\kiko\downloads\unrealtournament\system\unrealtournament.exe:unrealtournament.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2008-08-03 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2008-08-03 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2008-08-03 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2008-08-03 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-12-17 c:\windows\Tasks\User_Feed_Synchronization-{8F7547C4-B8EB-4306-A201-E7F13FFBF278}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 23:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 16:09:39
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-12-17 16:15:56
ComboFix-quarantined-files.txt 2008-12-17 19:15:54
ComboFix2.txt 2008-12-17 17:46:20

Pré-execução: 119.123.927.040 bytes free
Pós execução: 119,091,470,336 bytes free

261 --- E O F --- 2008-12-12 06:01:36


Here's the link to the HijackThis log, Wolf..

RapidShare: Easy Filehosting

RapidShare: Easy Filehosting

RapidShare: Easy Filehosting

thanks .... waiting on you
 
Ok, marcoskiko, great. Please delete the folder C:\Qoobox and the log C:\ComboFix.txt.

Now follow the instructions below exactly, marcoskiko.

TO THE OTHER FORUM MEMBERS, I SUGGEST YOU DO NOT REPEAT THE PROCEDURE BELOW ON YOUR OWN. THE TOOL BELOW IS VERY HARMFUL AND DANGEROUS IF USED WITHOUT SUPERVISION; IT CAN COMPLETELY DAMAGE THE OPERATING SYSTEM OR PREVENT THE SYSTEM FROM BOOTING. REMEMBER THAT EVERY CASE IS DIFFERENT; THE TOOL REQUIRES CERTAIN SERVICES AND FILES TO BE PRESENT ON THE MACHINE, WHICH IS WHY I DO NOT RECOMMEND USING THE TOOL BELOW ON YOUR OWN.


marcoskiko, download the MsGates Tools tool that I uploaded to the host below and save it to your desktop;
RapidShare: Easy Filehosting

- Extract the file from the zip to the desktop and right-click the tool's icon. Select the option Run as Administrator;
- After this a folder will be created at C:\MGTools;
- If Vista's UAC is enabled, go to this folder and double-click the file DisableUAC.reg. Also disable your antivirus temporarily;
- A command prompt window will open for you, just wait;
- When it finishes, a message will appear in the prompt asking you to press any key; press Enter and the window will close.
- Another folder will be created at: C:\MGTools.rar or C:\MGTools.zip.

Upload this compressed folder to RapidShare and post the download link here, marcoskiko.
 
here's the link...I just didn't find it with the name you told me...but this file was created..

RapidShare: Easy Filehosting

RapidShare: Easy Filehosting

RapidShare: Easy Filehosting
 
Virus

Mr. Wolf, during the Malwarebytes scan Avira found a Trojan in a file in the folder C:\System Volume Information\....\A0009050.exe

:boring:

It's the TR/BH0.I.17 Trojan
 
Hi! congrats Mr.Wolf
I'm trying to reply here and post my result, it's not working. my pc keeps shutting down, and when it boots that Windows logo comes up slowly as if there were no video driver or something.
if I manage to post I'll put my result here.
thanks for now!
cheers, see ya
 
marcoskiko, great work, my friend.

MsGates cleaned up the remaining infections, and also restored some registry keys that had been damaged by the infection that was on your system.

Anyway, your logs are clean, marcoskiko. :)

Go to Start > Run, type: combofix /u and press Enter. Delete the MsGates Tools file and its folders at C:\MGTools and C:\MGLogs. If the ComboFix folders are still there, remove them at C:\Qoobox and C:\ComboFix. Also delete the SDFix tool we used (if it's still there).

Any problems still on the machine, marcoskiko?

_______________________________________________


julianossc, I didn't understand.

What do you mean, "during the Malwarebytes scan Avira detected a trojan"?

Post the Malwarebytes log here, julianossc.
 
Hi! congrats Mr.Wolf
I'm trying to reply here and post my result, it's not working. my pc keeps shutting down, and when it boots that Windows logo comes up slowly as if there were no video driver or something.
if I manage to post I'll put my result here.
thanks for now!
cheers, see ya
Hey OTTO_M

Shutdown problems like that are usually caused by hardware failure. Have you already checked whether the problem isn't hardware?

Still, it's definitely worth checking whether there's a virus on the system causing this.

Since you can't post your log here, upload it to the host below and post the download link here in the thread, OTTO_M.

RapidShare: Easy Filehosting
 
Hey there eternal Master Wolf, all good bro???

So Mr.Wolf, sorry to be bugging you here again but here's the thing. My cousin came over to my house, he's 12 years old man, and he downloaded and installed a music program here to convert songs from one format to another, you know??? :boring:

The problem is that after he installed this program the pc started opening folders by itself and it's completely slow. Like, I'm just browsing here and a folder opens out of nowhere. I think my cousin installed a program with a virus here man :ranting3:

I ran Malwarebytes here and it found nothing. I also ran my Avira antivirus here and nothing either.

Below I'm putting my log, Master Wolf, if you can help me that would be great, because I don't know what else to do, will I have to format???? :no:

Since I can't post the log here I did what you told OTTO_M above and uploaded the log to RapidShare, Master.

http://rapidshare.com/files/174444981/hijack_this.txt.html

Thanks in advance, Master

:yes:
 
Megadeeth

Open Notepad on your computer and paste this text below into it:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00

Save it to C: with the name DivXFix Program.reg. Double-click this file and click Yes on the prompt. After that, delete the file.

- Download FindAWF and save it to the desktop;

● Temporarily disable Avira and double-click the tool's icon;
● Press 1 and hit Enter;
● Wait for the tool's scan, it's quick;
● Notepad will open with a log for you.

Paste this log here.
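Before importing a .reg file that someone sends you, it is worth checking what its hex(2) values actually contain: hex(2) is REG_EXPAND_SZ, stored as UTF-16LE bytes ending in a NUL, written as comma-separated hex with backslash line continuations. The script below is an added example (it is not from the post above and not code from any tool used in this thread); it parses the .reg text quoted above, joins the continuation lines and decodes every value into the string Windows will store, so the reader can see what the file sets before double-clicking it. Its only input is the .reg text itself, copied from the post.

```python
"""Decode the values in a .reg file before importing it.

Added example, not from the forum post: parses the .reg text Mr. Wolf asked
Megadeeth to import and decodes the hex(2) (REG_EXPAND_SZ) values.
"""
import re

# The .reg text quoted from the post above (copied verbatim).
REG_TEXT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Default]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Current]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,6d,00,65,00,64,00,69,00,61,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,58,00,50,00,20,00,44,00,69,00,6e,00,67,00,2e,00,77,00,61,\
00,76,00,00,00
"""

# A value line: either the default value "@" or a quoted name, then "=" and data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _join_continuations(text):
    """Join lines that end in a backslash, the .reg continuation marker."""
    lines, buf = [], ""
    for line in text.splitlines():
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        lines.append(buf + line.strip())
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def decode_hex(kind, hexdata):
    """Turn 'xx,xx,...' into bytes and decode the string-typed kinds."""
    raw = bytes(int(b, 16) for b in hexdata.split(",") if b)
    if kind == "2":   # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if kind == "7":   # REG_MULTI_SZ: NUL-separated, double-NUL-terminated
        return raw.decode("utf-16-le").rstrip("\x00").split("\x00")
    return raw        # REG_BINARY and anything else: leave as bytes


def decode_value(data):
    """Decode one value's data field according to its .reg type prefix."""
    if data.startswith("hex("):
        kind, hexdata = data[4:].split("):", 1)
        return decode_hex(kind, hexdata)
    if data.startswith("hex:"):
        return decode_hex("3", data[4:])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1]
    return data


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg file body."""
    result, current = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = "(Default)" if name == "@" else name[1:-1]
            result[current][name] = decode_value(data)
    return result


if __name__ == "__main__":
    for key, values in parse_reg(REG_TEXT).items():
        print(f"[{key}]")
        for name, value in values.items():
            print(f"  {name} = {value!r}")
```

Both hex(2) values decode to %SystemRoot%\media\Windows XP Ding.wav: the file sets the default event sound under the .Default sound scheme and nothing else, which is exactly what a reader wants to confirm before importing it.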
 
Mr, thanks a lot again for your magnificent help. I did everything exactly as you said; the moment I did that trick with the DivXFix Program.reg the pc already improved a lot. That's cool man :D you really are the man, Master :rolleyes:

Here's the FindAWF log

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 18/12/2008
The current time is: 02:52:44.56


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\WINDOW~2\BAK

18/12/2008 02:54 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\PROGRA~1\INTEL\IDU\BAK

18/12/2008 02:54 0 dataobj.dat
18/12/2008 02:55 2,242,328 iptray.exe
2 File(s) 2,242,328 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

10256 Dec 18 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Dec 18 2008 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
0 Dec 2008 "C:\Program Files\Intel\IDU\dataobj.dat"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\dataobj.dat"
14348 dec 18 2008 "C:\Program Files\Intel\IDU\iptray.exe"
2242328 Dec 18 2006 "C:\Program Files\Intel\IDU\bak\iptray.exe"


end of report
 
Megadeeth

- Double-click the FindAWF icon to run it again;

● Press 2 and hit Enter;
● A new Notepad window will open for you;
● Copy this text below and paste it into the Notepad window that opened:

"C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
"C:\Program Files\Intel\IDU\bak\dataobj.dat"
"C:\Program Files\Intel\IDU\bak\iptray.exe"

● Close Notepad and click Yes;
● Wait for the infected files to be removed;
● Another Notepad window will then open with the new log.

Paste this other log in your next reply.
 
Done, Master. So, the folders don't open by themselves anymore :D you're too awesome Mr.Wolf, you really know your viruses man.:yes:

Here's the log

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 18/12/2008
The current time is: 03:13:09.78


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\WINDOW~2\BAK

18/12/2006 03:15 204,288 WMPNSCFG.exe
1 File(s) 204,288 bytes

Directory of C:\PROGRA~1\INTEL\IDU\BAK

18/12/2008 03:15 0 dataobj.dat
18/12/2008 03:17 2,242,328 iptray.exe
2 File(s) 2,242,328 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

204288 Dec 18 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Dec 18 2008 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\dataobj.dat"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\dataobj.dat"
2242328 Dec 18 2008 "C:\Program Files\Intel\IDU\iptray.exe"
2242328 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\iptray.exe"


end of report


THANKSSSSSSSSSS
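What the two FindAWF reports above show is the pattern the tool is built to find: a full-size copy of a program sitting in a bak folder next to a much smaller file carrying the original name one level up, and, after option 2, the two sizes agreeing again. The script below is an added example (it is not FindAWF's code and is not from the thread); it reads the "Duplicate files of bak directory contents" lines, pairs every bak\<name> entry with the same-named file in the parent folder and flags pairs whose sizes differ. The sample reports are constructed from the sizes and paths printed in the two logs above, with the date fields normalised to the tool's usual layout so every line parses.

```python
"""Flag files that have a same-named, differently sized copy in a 'bak' folder.

Added example, not FindAWF's own code: it reads the report format quoted in the
thread and reproduces the size comparison a helper does by eye on the
"Duplicate files of bak directory contents" section.
"""
import re
from pathlib import PureWindowsPath

# One report line: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+[A-Za-z]{3}\s+\d{1,2}\s+\d{4}\s+"(.+)"\s*$')

# Constructed from the first FindAWF report in the thread (before option 2):
# same sizes and paths, date fields normalised.
REPORT_BEFORE = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

10256 Dec 18 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Dec 18 2008 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\dataobj.dat"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\dataobj.dat"
14348 Dec 18 2008 "C:\Program Files\Intel\IDU\iptray.exe"
2242328 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\iptray.exe"

end of report
'''

# Constructed from the second report (after option 2 restored the bak copies).
REPORT_AFTER = r'''
204288 Dec 18 2008 "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
204288 Dec 18 2008 "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\dataobj.dat"
0 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\dataobj.dat"
2242328 Dec 18 2008 "C:\Program Files\Intel\IDU\iptray.exe"
2242328 Dec 18 2008 "C:\Program Files\Intel\IDU\bak\iptray.exe"
'''


def parse_report(text):
    """Return [(size, path), ...] for the report's file lines; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    return entries


def _norm(path):
    # Case-insensitive lookup key: Windows paths compare without regard to case.
    return PureWindowsPath(path).as_posix().lower()


def pair_bak_files(entries):
    """For every bak\\<name> entry, look up <parent>\\<name> and compare sizes.

    Returns [(original_path, original_size, bak_size, status)] with status
    'size-mismatch', 'match' or 'original-missing'.
    """
    sizes = {_norm(p): s for s, p in entries}
    results = []
    for bak_size, path in entries:
        p = PureWindowsPath(path)
        if p.parent.name.lower() != "bak":
            continue
        original = p.parent.parent / p.name
        orig_size = sizes.get(_norm(original))
        if orig_size is None:
            status = "original-missing"
        elif orig_size != bak_size:
            status = "size-mismatch"
        else:
            status = "match"
        results.append((str(original), orig_size, bak_size, status))
    return results


def replaced_originals(report_text):
    """Paths whose bak copy differs in size: the files option 2 puts back."""
    return [orig for orig, _, _, status in pair_bak_files(parse_report(report_text))
            if status == "size-mismatch"]


if __name__ == "__main__":
    for label, report in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(f"--- {label} ---")
        for orig, osz, bsz, status in pair_bak_files(parse_report(report)):
            print(f"{status:16} {orig}  original={osz}  bak={bsz}")
```

On the first report the WMPNSCFG.exe and iptray.exe originals come back as size mismatches (10256 vs 204288 bytes and 14348 vs 2242328 bytes) while dataobj.dat matches; on the report taken after option 2 every pair matches, which is what Megadeeth's "the folders don't open by themselves anymore" corresponds to in the logs.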
 
- Double-click FindAWF;

● Press 3 and hit Enter;
● Notepad will open with new information;
● Copy the text below and paste it into the Notepad window that opened:

C:\Program Files\Windows Media Player\bak
C:\Program Files\Intel\IDU\bak
C:\Program Files\Intel\IDU\bak

● Close Notepad and click Yes;
● Wait for the removal;
● A new log will be generated in Notepad.

Paste this log here.
 
