Plinio Barbosa

I can't get rid of kavo


Hi everyone, I have a serious problem... every time I turn on my PC, Avast flags the virus C:\WINDOWS\system32\kavo0.dll. This happens either when I log into Windows or when I go to open the C:\ folder... After Avast's warning I click DELETE and then an error message about "u.exe" appears... This kavo always comes back into the Windows XP startup list when I go into msconfig... even after I remove it, it comes back... sometimes a certain tavo.exe shows up along with it... what should I do???

Thanks.


Kavo

I have the same problem as Plínio Barbosa. I have PC-cillin and I can't get rid of Kavo either; on top of that, hidden files no longer open, not even through regedit.

If you have any solution, send me an email at

vinasllera@yahoo.com.br


Download HijackThis

* Put the file in its own folder under C:\;

* Double-click HijackThis and click Do a system scan and save a logfile;

* Copy the contents of the Notepad window and paste them into your reply.

Thread author:

I downloaded HijackThis and it produced this log...

    Logfile of HijackThis v1.99.1

    Scan saved at 15:02:59, on 24/2/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    C:\WINDOWS\System32\alg.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

    C:\WINDOWS\system32\dwwin.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\explorer.exe

    C:\Pcket killbox\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


* Download PenClean and save it to the desktop

* Extract all of its contents

* Warning!!! The procedure will also empty the Recycle Bin. If there is anything in it you want to keep, save it somewhere else.

* Select the "Verificar o computador" (Check computer) option and click the "Verificar" (Check) button

* It will tell you whether anything was found; if so, you will be asked to reboot: click "Não" (No)

* Select the "Verificar unidade" (Check drive) option, set the drop-down to "Todas as unidades" (All drives) and click the "Verificar" (Check) button

* It will tell you whether anything was found; if so, you will be asked to reboot: click "Sim" (Yes)

* Paste the report created at C:\PenClean.txt

Thread author:

Procedure carried out:

    Iniciando relatório do PenClean 2.0.3

    Por Renato Victor Mejias

    renatomejias@yahoo.com.br

    24/2/2008 15:49:14

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Arquivos excluídos do computador (Troj/Lineag-GLG):

    C:\WINDOWS\System32\kavo.exe foi deletado com sucesso!

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\kava foi deletado com sucesso!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Arquivos e chaves excluídos da unidade escolhida:

    Malware não detectado em nenhuma unidade!

    -----------------------------------------------------------

    Fim da análise, a unidade verificada foi: "Todas as unidades"

    -----------------------------------------------------------

However, when I go to open C:\ there is Avast flagging Kavo0.dll again...

Thread author:

IS IT CLEAN???

    Logfile of HijackThis v1.99.1

    Scan saved at 16:26:16, on 24/2/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Pcket killbox\HijackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

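As an added example (not code from this thread, nor from HijackThis or PenClean), the following Python reads the O4 autostart lines from the two HijackThis logs above the way an analyst does: it flags the entry that is not on a known-good list, lives in system32 and whose value name (kava) does not match its file name (kavo.exe), and it diffs the first log against the second to confirm that this is the entry PenClean removed. The known-good list and the sample lines are constructed from the logs posted in this thread.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: the O4 (autostart) lines of the two HijackThis logs
# posted in this thread, before and after PenClean removed the "kava" entry.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Executables the analyst has already vetted on this machine (assumed list,
# built from the legitimate entries of the first log; compared by basename).
KNOWN_GOOD = {"ashdisp.exe", "msnmsgr.exe", "ctfmon.exe"}

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


@dataclass
class Autostart:
    hive: str
    key: str
    name: str                 # value name shown in brackets, e.g. "kava"
    exe: str                  # executable path extracted from the command line
    reasons: list[str] = field(default_factory=list)

    @property
    def identity(self) -> tuple[str, str, str, str]:
        return (self.hive, self.key, self.name, self.exe)


def _exe_from_command(cmd: str) -> str:
    """A quoted path is taken verbatim; otherwise cut the line at the first ' /' or ' -' argument."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]


def parse_autostarts(log_text: str) -> list[Autostart]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"],
                                     _exe_from_command(m["cmd"])))
    return entries


def triage(log_text: str) -> list[Autostart]:
    """Return the autostart entries an analyst should look at, each with its reasons."""
    flagged = []
    for e in parse_autostarts(log_text):
        base = ntpath.basename(e.exe).lower()
        if base in KNOWN_GOOD:
            continue
        e.reasons.append("executable not on the known-good list")
        # Worms of this family drop their loader into the system directory.
        if ntpath.dirname(e.exe).lower().endswith(r"\windows\system32"):
            e.reasons.append("unknown executable located in system32")
        # A value name that does not match the file name is a weak but cheap signal.
        if e.name.lower() != ntpath.splitext(base)[0]:
            e.reasons.append(f"value name {e.name!r} does not match file name {base!r}")
        flagged.append(e)
    return flagged


def diff_autostarts(before: str, after: str) -> tuple[set, set]:
    """Entries that disappeared (expected after a cleanup) and entries that appeared (worth a look)."""
    old = {e.identity for e in parse_autostarts(before)}
    new = {e.identity for e in parse_autostarts(after)}
    return old - new, new - old


if __name__ == "__main__":
    for e in triage(LOG_BEFORE):
        print(f"[{e.hive}\\..\\{e.key}] {e.name} -> {e.exe}: " + "; ".join(e.reasons))
    removed, added = diff_autostarts(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```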

Download Killbox and run it.

1 - Run KillBox, check Delete on Reboot and enter in Full Path of File to Delete:

C:\WINDOWS\System32\kavo0.dll

Click the button (image: killbox.png) and answer Yes to the question.


terceiropb, PenClean does not remove this malware when run in normal mode; it has to be run in Safe Mode, and it is still in testing.

Plinio Barbosa, please follow my instructions:

Download ComboFix

It is important that you save it to your desktop

• Close all windows and programs.
• Double-click combofix.exe, type 1 and press Enter.
• It takes a while, please be patient.
• When the tool finishes running it will generate a log. Post the file C:\ComboFix.txt.
• Also make a new HijackThis log and include it in your reply.

Warning: Do not click the mouse while the tool is running; that can make the PC freeze.

Thread author:

COMBOFIX LOG

    -----------------

    ComboFix 08-03-10.1 - Plinio 2008-03-13 13:30:23.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.537 [GMT -3:00]

    Executando de: C:\Documents and Settings\Plinio\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\AutoRun.inf

    C:\WINDOWS\system32\tavo1.dll

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))))

    .

    2008-03-12 18:44 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Vbox

    2008-03-11 17:23 . 2008-03-11 17:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations

    2008-03-11 16:42 . 2008-03-11 17:22 <DIR> d-------- C:\Arquivos de programas\Autodesk

    2008-03-11 16:37 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

    2008-03-09 23:47 . 2008-03-09 23:47 <DIR> d-------- C:\Documents and Settings\Carlos Otávio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:58 . 2008-03-09 14:58 38 --a------ C:\WINDOWS\avisplitter.INI

    2008-03-09 14:49 . 2008-03-11 17:27 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:48 . 2008-03-09 14:48 <DIR> d-------- C:\Arquivos de programas\Windows Media Components

    2008-03-09 14:47 . 2008-03-11 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

    2008-03-09 14:47 . 2008-03-09 14:47 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

    2008-03-09 14:47 . 2008-03-11 17:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

    2008-03-09 11:00 . 2008-03-09 11:00 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\DivX

    2008-03-09 10:26 . 2008-03-10 10:03 115,749 --------- C:\1wod1.com

    2008-03-08 12:01 . 2008-03-08 12:00 120,783 --------- C:\obc3wrq3.bat

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

    2008-03-05 21:09 . 2008-03-05 21:09 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\skypePM

    2008-03-05 21:09 . 2008-03-05 22:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Skype

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\DVDVideoSoft

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

    2008-03-03 06:29 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

    2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\WINDOWS\Sun

    2008-03-02 00:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-03-02 00:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-03-02 00:02 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-03-01 18:19 . 2008-03-02 17:06 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

    2008-03-01 17:11 . 2008-03-01 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

    2008-03-01 17:11 . 2008-03-01 18:17 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2008-03-01 17:09 . 2008-03-02 16:47 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

    2008-03-01 17:04 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-03-01 17:03 . 2008-03-01 17:03 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

    2008-03-01 17:02 . 2008-03-01 17:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2008-03-01 17:02 . 2008-03-01 17:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-03-01 14:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\MSBuild

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-03-01 14:13 . 2008-03-13 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2008-02-28 22:09 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

    2008-02-28 22:08 . 2008-02-28 22:09 <DIR> d-------- C:\Arquivos de programas\Java

    2008-02-28 22:08 . 2008-02-28 22:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

    2008-02-28 22:05 . 2008-02-28 22:05 <DIR> d-------- C:\Arquivos de programas\positivo

    2008-02-26 14:10 . 2008-03-01 14:14 <DIR> d-------- C:\Arquivos de programas\7-Zip

    2008-02-25 08:25 . 2008-02-25 08:25 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

    2008-02-24 17:07 . 2008-03-12 14:50 2,516 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

    2008-02-24 17:07 . 2008-02-24 17:07 8 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\F4052AFDC4.sys

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

    2008-02-24 15:46 . 2008-02-24 15:46 <DIR> d-------- C:\PenClean

    2008-02-20 17:26 . 2008-03-10 06:56 <DIR> d-------- C:\Pcket killbox

    2008-02-18 14:19 . 2008-02-21 07:48 115,221 --------- C:\gqsk.bat

    2008-02-17 14:24 . 2008-02-18 12:14 113,930 --------- C:\p9.exe

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

    2008-02-16 09:41 . 2008-02-15 18:14 112,726 --------- C:\u18vxqle.com

    2008-02-15 21:22 . 2008-02-15 21:22 <DIR> d-------- C:\Arquivos de programas\GbPlugin

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\NCH Swift Sound

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Arquivos de programas\NCH Swift Sound

    2008-02-14 22:16 . 2008-01-30 18:08 <DIR> d--h----- C:\Documents and Settings\Gra Principa\Modelos

    2008-02-14 22:16 . 2008-02-14 22:17 <DIR> dr------- C:\Documents and Settings\Gra Principa\Meus documentos

    2008-02-14 22:16 . 2008-01-30 16:01 <DIR> dr------- C:\Documents and Settings\Gra Principa\Menu Iniciar

    2008-02-14 22:16 . 2008-02-14 22:17 <DIR> dr------- C:\Documents and Settings\Gra Principa\Favoritos

    2008-02-14 22:16 . 2008-03-04 23:12 <DIR> dr-h----- C:\Documents and Settings\Gra Principa\Dados de aplicativos

    2008-02-14 22:16 . 2008-02-14 22:17 <DIR> d--h----- C:\Documents and Settings\Gra Principa\Configurações locais

    2008-02-14 22:16 . 2008-01-30 16:01 <DIR> d--h----- C:\Documents and Settings\Gra Principa\Ambiente de rede

    2008-02-14 22:16 . 2008-01-30 16:01 <DIR> d--h----- C:\Documents and Settings\Gra Principa\Ambiente de impressão

    2008-02-13 18:23 . 2008-02-15 06:55 113,896 --------- C:\o2yf0w.bat

    2008-02-13 07:35 . 2008-02-24 17:07 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Corel

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-13 15:33 --------- d-----w C:\Arquivos de programas\eMule

    2008-03-13 15:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-03-12 21:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-03-11 20:24 --------- d-----w C:\Arquivos de programas\Corel

    2008-03-01 21:21 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2008-03-01 20:16 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

    2008-03-01 20:11 --------- d-----w C:\Arquivos de programas\Windows Live

    2008-02-29 01:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-02-24 22:01 --------- d-----w C:\Arquivos de programas\NetScream

    2008-02-21 21:45 --------- d-----w C:\Arquivos de programas\Bonjour

    2008-02-11 20:37 --------- d-----w C:\Arquivos de programas\PC Inspector File Recovery

    2008-02-11 20:28 115,526 ------w C:\6.bat

    2008-02-10 01:51 --------- d-----w C:\Arquivos de programas\MSXML 4.0

    2008-02-07 22:50 112,991 ------w C:\e.bat

    2008-02-06 19:23 113,810 ------w C:\ep9otvan.com

    2008-02-06 14:37 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

    2008-02-06 13:37 --------- d-----w C:\Arquivos de programas\Firebird

    2008-02-06 13:36 --------- d-----w C:\Arquivos de programas\Click

    2008-02-05 22:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\UltraISO

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\EZB Systems

    2008-02-05 20:55 --------- d-----w C:\Arquivos de programas\Zerosoft

    2008-02-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

    2008-02-05 18:50 113,283 ------w C:\jbfqv8j.cmd

    2008-02-05 18:50 --------- d-----w C:\Arquivos de programas\WinAVI Video Converter

    2008-02-05 18:44 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-02-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

    2008-02-05 18:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-02-05 18:34 --------- d-----w C:\Arquivos de programas\HP

    2008-02-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

    2008-02-04 21:16 464,112 ----a-w C:\WINDOWS\fishies.scr

    2008-02-04 21:16 463,068 ----a-w C:\WINDOWS\fishies.exe

    2008-02-04 21:16 40,960 ----a-w C:\WINDOWS\fishies.dll

    2008-02-03 13:15 --------- d-----w C:\Arquivos de programas\KAIZEN Games

    2008-02-03 11:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

    2008-02-02 22:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    2008-02-02 20:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-02-02 20:02 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

    2008-02-02 19:38 112,712 ------w C:\w0owgn.bat

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\WinFlip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\VisualTooltip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViStart

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Vista Sidebar

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViOrb

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\TrueTransparency

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Styler

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\LClock

    2008-02-02 16:47 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

    2008-02-02 16:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

    2008-02-02 14:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-02-01 06:59 --------- d-----w C:\Arquivos de programas\SlySoft

    2008-01-31 22:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

    2008-01-31 22:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

    2008-01-30 21:58 --------- d-----w C:\Arquivos de programas\Aurélio - Século XXI

    2008-01-30 21:49 --------- d-----w C:\Arquivos de programas\CyberLink

    2008-01-30 21:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Ahead

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Alwil Software

    2008-01-30 21:29 --------- d-----w C:\Arquivos de programas\Realtek

    2008-01-30 21:25 315,392 ----a-w C:\WINDOWS\HideWin.exe

    2008-01-30 21:25 --------- d-----w C:\Arquivos de programas\S3

    2008-01-30 21:12 --------- d-----w C:\Arquivos de programas\microsoft frontpage

    2008-01-30 21:10 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-01-30 21:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    2008-01-14 10:54 115,079 ------w C:\ek.com

    2008-01-10 15:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

    2008-01-10 15:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

    2007-12-24 15:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2008-01-14 13:18 346536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

    C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-01-14 13:18 346536 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

    --a------ 2007-02-28 22:06 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    --------- 2005-05-04 15:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

    C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    --a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    --a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    --a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]

    C:\WINDOWS\system32\kavo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    --a------ 2006-12-05 21:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    --------- 2006-11-23 14:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    --------- 2007-01-31 15:54 16116224 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

    --a------ 2006-07-11 08:33 176128 C:\WINDOWS\system32\S3Trayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    --------- 2006-05-17 15:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

    --a------ 2006-05-15 04:52 675840 C:\WINDOWS\vsnp2std.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    -rahs---- 2008-01-28 10:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2005-11-10 13:03 36975 C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tava]

    C:\WINDOWS\system32\tavo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

    --a------ 2007-08-02 21:08 95504 C:\Arquivos de programas\Arquivos comuns\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]

    --a------ 2006-07-20 02:04 118784 C:\Arquivos de programas\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    --a------ 2006-08-03 20:53 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

    "C:\\Arquivos de programas\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\KAIZEN Games\\SecondLifeBrasil\\SLVoice.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 00:05]

    R2 PSI_SVC_2;Protexis Licensing V2;"c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 08:58]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 00:05]

    R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 16:43]

    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-06 23:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abddeb5e-d08c-11dc-9c0c-001e8c084c61}]

    \Shell\AutoRun\command - E:\1wod1.com

    \Shell\explore\Command - E:\1wod1.com

    \Shell\open\Command - E:\1wod1.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf47facf-ec29-11dc-86d1-001e8c084c61}]

    \Shell\AutoRun\command - E:\ep9otvan.com

    \Shell\explore\Command - E:\ep9otvan.com

    \Shell\open\Command - E:\ep9otvan.com

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-13 13:32:49

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-03-13 13:33:28

    ComboFix-quarantined-files.txt 2008-03-13 16:33:20

    .

    2008-03-13 04:20:53 --- E O F ---

    --------------------------------------------------------------------------

    HIJACKTHIS LOG

    ----------------

    Logfile of HijackThis v1.99.1

    Scan saved at 13:37:28, on 13/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Pcket killbox\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


    Temporarily disable your antivirus and any other security software, such as firewall, antispyware, etc.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

    File::

    C:\WINDOWS\fishies.scr
    C:\WINDOWS\fishies.exe
    C:\WINDOWS\fishies.dll
    C:\1wod1.com
    C:\obc3wrq3.bat
    C:\gqsk.bat
    C:\p9.exe
    C:\u18vxqle.com
    C:\o2yf0w.bat
    C:\6.bat
    C:\e.bat
    C:\ep9otvan.com
    C:\jbfqv8j.cmd
    C:\w0owgn.bat
    C:\ek.com
    C:\WINDOWS\system32\kavo.exe
    C:\WINDOWS\system32\tavo.exe

    Registry::

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tava]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abddeb5e-d08c-11dc-9c0c-001e8c084c61}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf47facf-ec29-11dc-86d1-001e8c084c61}]

    • Save this file as: CFScript.txt
      [image: cfscriptuq2.gif]
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.
    • Also make a new HijackThis log to include in your reply.

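    The entries the analyst put into CFScript.txt above were picked out of the ComboFix log by hand: hidden+system executables sitting directly in a drive root, and MountPoints2 handlers that run an executable from a removable drive. As an added example that is not from this thread or from ComboFix itself, the following Python script applies those same heuristics to lines in ComboFix's log format and correlates the two; the sample lines are copied from the logs in this thread, except the C:\ep9otvan.com file line, which is constructed to show the correlation case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Extensions a USB/autorun worm typically uses for the copies it drops.
PAYLOAD_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")

# File lines from the "Ficheiros criados" and "Find3M" sections, e.g.
#   2008-03-15 14:31 . 2008-03-15 14:31 113,307 -r-hs---- C:\i8.com
#   2008-02-02 19:38 112,712 ------w C:\w0owgn.bat
FILE_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}"        # created
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"   # modified (one section only)
    r"\s+(?:<DIR>|[\d,]+|-{9})"                 # size, <DIR>, or dashes
    r"\s+(?P<attrs>[-A-Za-z]{7,9})"             # attribute letters
    r"\s+(?P<path>[A-Za-z]:\\\S.*?)\s*$"
)
# MountPoints2 handler lines, e.g.  \Shell\AutoRun\command - E:\1wod1.com
MOUNT_RE = re.compile(
    r"^\s*\\Shell\\(?P<verb>\w+)\\[Cc]ommand - (?P<target>\S.*?)\s*$"
)


@dataclass
class Finding:
    kind: str                       # root-payload | autorun-inf | mountpoints2
    path: str
    severity: str                   # high | medium
    reason: str
    related: Optional[str] = None   # same file name seen elsewhere in the log


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_drive_root(path: str) -> bool:
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def _hidden_system(attrs: str) -> bool:
    # ComboFix prints one letter per attribute, but the column differs
    # between sections, so test for the letters rather than fixed offsets.
    return "h" in attrs and "s" in attrs


def scan(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    root_payloads: Dict[str, str] = {}   # basename -> path, for correlation

    # Pass 1: files sitting directly in a drive root.
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if not m or m["attrs"].startswith("d"):
            continue                            # not a file line, or a directory
        path, attrs = m["path"], m["attrs"]
        name = _basename(path)
        if not _in_drive_root(path):
            continue
        if name == "autorun.inf" or name.endswith(PAYLOAD_EXT):
            kind = "autorun-inf" if name == "autorun.inf" else "root-payload"
            sev = "high" if _hidden_system(attrs) else "medium"
            findings.append(Finding(kind, path, sev,
                                    f"{name} directly in drive root, attrs {attrs}"))
            if kind == "root-payload":
                root_payloads[name] = path

    # Pass 2: MountPoints2 handlers that execute something from the volume.
    for line in log_text.splitlines():
        m = MOUNT_RE.match(line)
        if not m or not _basename(m["target"]).endswith(PAYLOAD_EXT):
            continue
        findings.append(Finding(
            "mountpoints2", m["target"], "high",
            f"{m['verb']} handler for a removable volume runs {m['target']}",
            related=root_payloads.get(_basename(m["target"]))))
    return findings


# Sample input: lines copied from the logs in this thread, plus one
# constructed line (C:\ep9otvan.com) to exercise the correlation case.
SAMPLE_LOG = r"""
2008-03-15 14:31 . 2008-03-15 14:31 113,307 -r-hs---- C:\i8.com
2008-03-13 19:49 . 2008-03-15 14:42 502 -r-hs---- C:\autorun.inf
2008-03-13 20:57 . 2008-03-13 21:09 <DIR> d-------- C:\TEMP
2008-03-11 16:37 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-02-02 19:38 112,712 ------w C:\w0owgn.bat
2008-01-14 10:54 115,079 ------w C:\ek.com
2008-03-13 19:50 . 2008-03-13 19:50 114,031 -r-hs---- C:\ep9otvan.com
\Shell\AutoRun\command - E:\1wod1.com
\Shell\explore\Command - E:\1wod1.com
\Shell\open\Command - E:\ep9otvan.com
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        extra = f"  (also dropped as {f.related})" if f.related else ""
        print(f"[{f.severity:6}] {f.kind:12} {f.path}  {f.reason}{extra}")
```

    Entries flagged "medium" (a plain .bat or .com in C:\ with no hidden/system bits) still need a look by hand, which is exactly what the analyst did with C:\w0owgn.bat and C:\ek.com above.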
    Topic author
    COMBOFIX LOG

    ---------------------------

    ComboFix 08-03-10.1 - Plinio 2008-03-15 14:43:08.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.552 [GMT -3:00]

    Executando de: C:\Documents and Settings\Plinio\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Plinio\Desktop\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\1wod1.com

    C:\6.bat

    C:\e.bat

    C:\ek.com

    C:\ep9otvan.com

    C:\gqsk.bat

    C:\jbfqv8j.cmd

    C:\o2yf0w.bat

    C:\obc3wrq3.bat

    C:\p9.exe

    C:\u18vxqle.com

    C:\w0owgn.bat

    C:\WINDOWS\fishies.dll

    C:\WINDOWS\fishies.exe

    C:\WINDOWS\fishies.scr

    C:\WINDOWS\system32\kavo.exe

    C:\WINDOWS\system32\tavo.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\ep9otvan.com

    C:\WINDOWS\fishies.dll

    C:\WINDOWS\fishies.exe

    C:\WINDOWS\fishies.scr

    C:\WINDOWS\system32\kavo.exe

    C:\WINDOWS\system32\kavo1.dll

    C:\WINDOWS\system32\tavo.exe

    C:\WINDOWS\system32\tavo1.dll

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))

    .

    2008-03-15 14:31 . 2008-03-15 14:31 113,307 -r-hs---- C:\i8.com

    2008-03-14 12:13 . 2008-03-14 12:12 114,031 -r-hs---- C:\rtnlpipu.com

    2008-03-13 23:45 . 2008-03-15 14:30 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll

    2008-03-13 20:57 . 2008-03-13 21:09 <DIR> d-------- C:\TEMP

    2008-03-13 20:51 . 2008-03-13 20:51 <DIR> d-------- C:\WINDOWS\Corel

    2008-03-13 20:51 . 2008-03-13 20:51 <DIR> d-------- C:\Arquivos de programas\KnockOut 2

    2008-03-13 20:51 . 2008-03-13 20:51 279 --a------ C:\WINDOWS\PowerReg.dat

    2008-03-13 20:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

    2008-03-13 19:50 . 2008-03-14 00:52 112,080 -r-hs---- C:\1i.com

    2008-03-13 19:49 . 2008-03-15 14:42 502 -r-hs---- C:\autorun.inf

    2008-03-12 18:44 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Vbox

    2008-03-11 17:23 . 2008-03-11 17:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations

    2008-03-11 16:42 . 2008-03-11 17:22 <DIR> d-------- C:\Arquivos de programas\Autodesk

    2008-03-11 16:37 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

    2008-03-09 23:47 . 2008-03-09 23:47 <DIR> d-------- C:\Documents and Settings\Carlos Otávio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:58 . 2008-03-09 14:58 38 --a------ C:\WINDOWS\avisplitter.INI

    2008-03-09 14:49 . 2008-03-13 21:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:48 . 2008-03-09 14:48 <DIR> d-------- C:\Arquivos de programas\Windows Media Components

    2008-03-09 14:47 . 2008-03-11 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

    2008-03-09 14:47 . 2008-03-09 14:47 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

    2008-03-09 14:47 . 2008-03-11 17:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

    2008-03-09 11:00 . 2008-03-09 11:00 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\DivX

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

    2008-03-05 21:09 . 2008-03-05 21:09 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\skypePM

    2008-03-05 21:09 . 2008-03-05 22:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Skype

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\DVDVideoSoft

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

    2008-03-03 06:29 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

    2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\WINDOWS\Sun

    2008-03-02 00:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-03-02 00:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-03-02 00:02 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-03-01 18:19 . 2008-03-02 17:06 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

    2008-03-01 17:11 . 2008-03-01 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

    2008-03-01 17:11 . 2008-03-01 18:17 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2008-03-01 17:09 . 2008-03-02 16:47 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

    2008-03-01 17:04 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-03-01 17:03 . 2008-03-01 17:03 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

    2008-03-01 17:02 . 2008-03-01 17:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2008-03-01 17:02 . 2008-03-01 17:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-03-01 14:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\MSBuild

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-03-01 14:13 . 2008-03-13 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2008-02-28 22:09 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

    2008-02-28 22:08 . 2008-02-28 22:09 <DIR> d-------- C:\Arquivos de programas\Java

    2008-02-28 22:08 . 2008-02-28 22:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

    2008-02-28 22:05 . 2008-02-28 22:05 <DIR> d-------- C:\Arquivos de programas\positivo

    2008-02-26 14:10 . 2008-03-01 14:14 <DIR> d-------- C:\Arquivos de programas\7-Zip

    2008-02-25 08:25 . 2008-02-25 08:25 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

    2008-02-24 17:07 . 2008-03-14 06:42 2,516 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

    2008-02-24 17:07 . 2008-02-24 17:07 8 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\F4052AFDC4.sys

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

    2008-02-24 15:46 . 2008-02-24 15:46 <DIR> d-------- C:\PenClean

    2008-02-20 17:26 . 2008-03-15 14:41 <DIR> d-------- C:\Pcket killbox

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

    2008-02-15 21:22 . 2008-02-15 21:22 <DIR> d-------- C:\Arquivos de programas\GbPlugin

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\NCH Swift Sound

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

    2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- C:\Arquivos de programas\NCH Swift Sound

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-15 17:30 --------- d-----w C:\Arquivos de programas\eMule

    2008-03-14 20:16 --------- d-----w C:\Arquivos de programas\NetScream

    2008-03-13 15:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-03-12 21:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-03-11 20:24 --------- d-----w C:\Arquivos de programas\Corel

    2008-03-01 21:21 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2008-03-01 20:16 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

    2008-03-01 20:11 --------- d-----w C:\Arquivos de programas\Windows Live

    2008-02-29 01:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-02-24 20:07 --------- d-----w C:\Documents and Settings\Plinio\Dados de aplicativos\Corel

    2008-02-21 21:45 --------- d-----w C:\Arquivos de programas\Bonjour

    2008-02-11 20:37 --------- d-----w C:\Arquivos de programas\PC Inspector File Recovery

    2008-02-10 01:51 --------- d-----w C:\Arquivos de programas\MSXML 4.0

    2008-02-06 14:37 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

    2008-02-06 13:37 --------- d-----w C:\Arquivos de programas\Firebird

    2008-02-06 13:36 --------- d-----w C:\Arquivos de programas\Click

    2008-02-05 22:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\UltraISO

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\EZB Systems

    2008-02-05 20:55 --------- d-----w C:\Arquivos de programas\Zerosoft

    2008-02-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

    2008-02-05 18:50 --------- d-----w C:\Arquivos de programas\WinAVI Video Converter

    2008-02-05 18:44 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-02-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

    2008-02-05 18:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-02-05 18:34 --------- d-----w C:\Arquivos de programas\HP

    2008-02-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

    2008-02-03 13:15 --------- d-----w C:\Arquivos de programas\KAIZEN Games

    2008-02-03 11:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

    2008-02-02 22:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    2008-02-02 20:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-02-02 20:02 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\WinFlip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\VisualTooltip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViStart

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Vista Sidebar

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViOrb

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\TrueTransparency

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Styler

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\LClock

    2008-02-02 16:47 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

    2008-02-02 16:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

    2008-02-02 14:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-02-01 06:59 --------- d-----w C:\Arquivos de programas\SlySoft

    2008-01-31 22:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

    2008-01-31 22:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

    2008-01-30 21:58 --------- d-----w C:\Arquivos de programas\Aurélio - Século XXI

    2008-01-30 21:49 --------- d-----w C:\Arquivos de programas\CyberLink

    2008-01-30 21:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Ahead

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Alwil Software

    2008-01-30 21:29 --------- d-----w C:\Arquivos de programas\Realtek

    2008-01-30 21:25 315,392 ----a-w C:\WINDOWS\HideWin.exe

    2008-01-30 21:25 --------- d-----w C:\Arquivos de programas\S3

    2008-01-30 21:12 --------- d-----w C:\Arquivos de programas\microsoft frontpage

    2008-01-30 21:10 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-01-30 21:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    2008-01-10 15:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

    2008-01-10 15:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

    2007-12-24 15:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-13_13.33.12,56 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-03-15 17:30:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2008-01-14 13:18 346536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

    C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-01-14 13:18 346536 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

    --a------ 2007-02-28 22:06 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    --------- 2005-05-04 15:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

    C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    --a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    --a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    --a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    --a------ 2006-12-05 21:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    --------- 2006-11-23 14:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    --------- 2007-01-31 15:54 16116224 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

    --a------ 2006-07-11 08:33 176128 C:\WINDOWS\system32\S3Trayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    --------- 2006-05-17 15:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

    --a------ 2006-05-15 04:52 675840 C:\WINDOWS\vsnp2std.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    -rahs---- 2008-01-28 10:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2005-11-10 13:03 36975 C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

    --a------ 2007-08-02 21:08 95504 C:\Arquivos de programas\Arquivos comuns\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]

    --a------ 2006-07-20 02:04 118784 C:\Arquivos de programas\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    --a------ 2006-08-03 20:53 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

    "C:\\Arquivos de programas\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\KAIZEN Games\\SecondLifeBrasil\\SLVoice.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 00:05]

    R2 PSI_SVC_2;Protexis Licensing V2;"c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 08:58]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 00:05]

    R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 16:43]

    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-06 23:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ba056b-d345-11dc-9c1c-001e8c084c61}]

    \Shell\AutoRun\command - E:\ep9otvan.com

    \Shell\explore\Command - E:\ep9otvan.com

    \Shell\open\Command - E:\ep9otvan.com

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-15 14:45:53

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-03-15 14:46:26

    ComboFix-quarantined-files.txt 2008-03-15 17:46:18

    .

    2008-03-13 04:20:53 --- E O F ---

    ======================================================

HIJACKTHIS LOG

    -------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 14:47:49, on 15/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Pcket killbox\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


Please do not use removable media such as pen drives, MP3 or MP4 players during the disinfection process.

Temporarily disable your antivirus or any other security software, such as firewall, antispyware, etc.

Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Quote":

    File::

    C:\i8.com
    C:\rtnlpipu.com
    C:\WINDOWS\system32\tavo0.dll
    C:\1i.com
    C:\autorun.inf

    Registry::

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ba056b-d345-11dc-9c1c-001e8c084c61}]

• Save this file as: CFScript.txt
  [image: cfscriptuq2.gif]
• As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
• When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
• Also produce a new HijackThis log to include in your reply.

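Added example, not code from this thread or from ComboFix: a Python script that reads the "Pontos de Carregamento do Registro" section of a ComboFix log, flags MountPoints2 entries whose Shell verbs launch an executable straight from a drive root (the autorun-worm pattern behind the E:\ep9otvan.com lines in the log above), and drafts the Registry:: section of a CFScript using the [-KEY] deletion syntax the helper used. The sample log is constructed from the entries posted in this thread plus one benign entry with a placeholder GUID; the root-executable heuristic and the Hijack/parse_blocks/find_autorun_hijacks/build_cfscript names are assumptions of this example.

```python
"""Flag MountPoints2 autorun hijacks in a ComboFix log and draft a CFScript Registry:: section."""
import re
from dataclasses import dataclass, field

# Constructed sample input: one ordinary Run entry and the MountPoints2 block copied
# from the ComboFix log in this thread, plus a benign MountPoints2 entry (placeholder
# GUID) whose AutoRun command points at a setup program in a subfolder, not the root.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ba056b-d345-11dc-9c1c-001e8c084c61}]
\Shell\AutoRun\command - E:\ep9otvan.com
\Shell\explore\Command - E:\ep9otvan.com
\Shell\open\Command - E:\ep9otvan.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{PLACEHOLDER-BENIGN-GUID}]
\Shell\AutoRun\command - D:\Setup\Setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# ComboFix prints each MountPoints2 verb as "\Shell\<verb>\command - <target>".
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<target>.+?)\s*$", re.IGNORECASE)
# Heuristic (assumption of this example): an executable sitting directly in a drive
# root is the classic autorun-worm layout, with the payload next to autorun.inf.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\/:*?\"<>|]+\.(com|exe|bat|cmd|pif|scr|vbs)$", re.IGNORECASE)


@dataclass
class Hijack:
    key: str                      # full registry key as printed in the log
    target: str                   # executable the Shell verbs point at
    verbs: list = field(default_factory=list)  # autorun / open / explore ...


def parse_blocks(log_text):
    """Group the lines of the registry section under the [KEY] header preceding them."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def find_autorun_hijacks(log_text):
    """Return MountPoints2 entries whose Shell verbs run an executable from a drive root."""
    found = []
    for key, lines in parse_blocks(log_text).items():
        if "mountpoints2" not in key.lower():
            continue
        by_target = {}
        for line in lines:
            m = VERB_RE.match(line)
            if m:
                by_target.setdefault(m.group("target"), []).append(m.group("verb").lower())
        for target, verbs in by_target.items():
            if ROOT_EXE_RE.match(target):
                found.append(Hijack(key=key, target=target, verbs=verbs))
    return found


def build_cfscript(hijacks):
    """Draft the Registry:: section; [-KEY] removes the whole MountPoints2 subkey."""
    if not hijacks:
        return ""
    keys = sorted({h.key for h in hijacks})
    return "Registry::\n\n" + "\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    hits = find_autorun_hijacks(SAMPLE_LOG)
    for h in hits:
        # The target usually lives on the removable drive, so it is reported for manual
        # cleanup rather than placed in a File:: section aimed at the system drive.
        print(f"suspicious: {h.target} wired to {', '.join(h.verbs)} under {h.key}")
    print(build_cfscript(hits))
```

The benign D:\Setup\Setup.exe entry is deliberately not flagged, so the draft script only deletes the key the helper targeted.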
  • Topic author
  • COMBOFIX LOG

    ---------------------------------

    ComboFix 08-03-10.1 - Plinio 2008-03-15 23:54:40.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.566 [GMT -3:00]

    Executando de: C:\Documents and Settings\Plinio\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Plinio\Desktop\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\1i.com

    C:\autorun.inf

    C:\i8.com

    C:\rtnlpipu.com

    C:\WINDOWS\system32\tavo0.dll

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\1i.com

    C:\autorun.inf

    C:\i8.com

    C:\rtnlpipu.com

    C:\WINDOWS\system32\tavo0.dll

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))

    .

    2008-03-13 20:57 . 2008-03-13 21:09 <DIR> d-------- C:\TEMP

    2008-03-13 20:51 . 2008-03-13 20:51 <DIR> d-------- C:\WINDOWS\Corel

    2008-03-13 20:51 . 2008-03-13 20:51 <DIR> d-------- C:\Arquivos de programas\KnockOut 2

    2008-03-13 20:51 . 2008-03-13 20:51 279 --a------ C:\WINDOWS\PowerReg.dat

    2008-03-13 20:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

    2008-03-12 18:44 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:46 <DIR> d-------- C:\Arquivos de programas\Macromedia

    2008-03-12 18:42 . 2008-03-12 18:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Vbox

    2008-03-11 17:23 . 2008-03-11 17:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations

    2008-03-11 16:42 . 2008-03-11 17:22 <DIR> d-------- C:\Arquivos de programas\Autodesk

    2008-03-11 16:37 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

    2008-03-09 23:47 . 2008-03-09 23:47 <DIR> d-------- C:\Documents and Settings\Carlos Otávio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:58 . 2008-03-09 14:58 38 --a------ C:\WINDOWS\avisplitter.INI

    2008-03-09 14:49 . 2008-03-13 21:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Ulead Systems

    2008-03-09 14:48 . 2008-03-09 14:48 <DIR> d-------- C:\Arquivos de programas\Windows Media Components

    2008-03-09 14:47 . 2008-03-11 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

    2008-03-09 14:47 . 2008-03-09 14:47 <DIR> d-------- C:\Arquivos de programas\Ulead Systems

    2008-03-09 14:47 . 2008-03-11 17:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ulead Systems

    2008-03-09 11:00 . 2008-03-09 11:00 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\DivX

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0

    2008-03-05 22:11 . 2008-03-05 22:11 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter 9.0

    2008-03-05 21:09 . 2008-03-05 21:09 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\skypePM

    2008-03-05 21:09 . 2008-03-05 22:21 <DIR> d-------- C:\Documents and Settings\Plinio\Dados de aplicativos\Skype

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\DVDVideoSoft

    2008-03-03 06:29 . 2008-03-03 06:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

    2008-03-03 06:29 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

    2008-03-02 23:11 . 2008-03-02 23:11 <DIR> d-------- C:\WINDOWS\Sun

    2008-03-02 00:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-03-02 00:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-03-02 00:02 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-03-01 18:19 . 2008-03-02 17:06 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

    2008-03-01 17:11 . 2008-03-01 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

    2008-03-01 17:11 . 2008-03-01 18:17 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2008-03-01 17:09 . 2008-03-02 16:47 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

    2008-03-01 17:04 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-03-01 17:03 . 2008-03-01 17:03 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

    2008-03-01 17:02 . 2008-03-01 17:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2008-03-01 17:02 . 2008-03-01 17:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

    2008-03-01 14:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\MSBuild

    2008-03-01 14:21 . 2008-03-01 14:21 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

    2008-03-01 14:13 . 2008-03-13 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2008-02-28 22:09 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

    2008-02-28 22:08 . 2008-02-28 22:09 <DIR> d-------- C:\Arquivos de programas\Java

    2008-02-28 22:08 . 2008-02-28 22:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

    2008-02-28 22:05 . 2008-02-28 22:05 <DIR> d-------- C:\Arquivos de programas\positivo

    2008-02-26 14:10 . 2008-03-01 14:14 <DIR> d-------- C:\Arquivos de programas\7-Zip

    2008-02-25 08:25 . 2008-02-25 08:25 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

    2008-02-24 17:07 . 2008-03-14 06:42 2,516 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

    2008-02-24 17:07 . 2008-02-24 17:07 8 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\F4052AFDC4.sys

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

    2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

    2008-02-24 15:46 . 2008-02-24 15:46 <DIR> d-------- C:\PenClean

    2008-02-20 17:26 . 2008-03-15 14:50 <DIR> d-------- C:\Pcket killbox

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

    2008-02-16 11:12 . 2004-08-03 22:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-03-15 17:30 --------- d-----w C:\Arquivos de programas\eMule

    2008-03-14 20:16 --------- d-----w C:\Arquivos de programas\NetScream

    2008-03-13 15:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-03-12 21:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-03-11 20:24 --------- d-----w C:\Arquivos de programas\Corel

    2008-03-01 21:21 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2008-03-01 20:16 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

    2008-03-01 20:11 --------- d-----w C:\Arquivos de programas\Windows Live

    2008-02-29 01:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-02-24 20:07 --------- d-----w C:\Documents and Settings\Plinio\Dados de aplicativos\Corel

    2008-02-21 21:45 --------- d-----w C:\Arquivos de programas\Bonjour

    2008-02-16 00:22 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-02-15 22:21 --------- d-----w C:\Documents and Settings\Plinio\Dados de aplicativos\NCH Swift Sound

    2008-02-15 22:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

    2008-02-15 22:21 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

    2008-02-11 20:37 --------- d-----w C:\Arquivos de programas\PC Inspector File Recovery

    2008-02-10 01:51 --------- d-----w C:\Arquivos de programas\MSXML 4.0

    2008-02-06 14:37 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

    2008-02-06 13:37 --------- d-----w C:\Arquivos de programas\Firebird

    2008-02-06 13:36 --------- d-----w C:\Arquivos de programas\Click

    2008-02-05 22:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\UltraISO

    2008-02-05 22:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\EZB Systems

    2008-02-05 20:55 --------- d-----w C:\Arquivos de programas\Zerosoft

    2008-02-05 20:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

    2008-02-05 18:50 --------- d-----w C:\Arquivos de programas\WinAVI Video Converter

    2008-02-05 18:44 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-02-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

    2008-02-05 18:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-02-05 18:34 --------- d-----w C:\Arquivos de programas\HP

    2008-02-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

    2008-02-03 13:15 --------- d-----w C:\Arquivos de programas\KAIZEN Games

    2008-02-03 11:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

    2008-02-02 22:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    2008-02-02 20:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-02-02 20:02 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\WinFlip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\VisualTooltip

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViStart

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Vista Sidebar

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\ViOrb

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\TrueTransparency

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\Styler

    2008-02-02 17:57 --------- d-----w C:\Arquivos de programas\LClock

    2008-02-02 16:47 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

    2008-02-02 16:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Skype

    2008-02-02 16:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

    2008-02-02 14:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-02-01 06:59 --------- d-----w C:\Arquivos de programas\SlySoft

    2008-01-31 22:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

    2008-01-31 22:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

    2008-01-30 21:58 --------- d-----w C:\Arquivos de programas\Aurélio - Século XXI

    2008-01-30 21:49 --------- d-----w C:\Arquivos de programas\CyberLink

    2008-01-30 21:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

    2008-01-30 21:46 --------- d-----w C:\Arquivos de programas\Ahead

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

    2008-01-30 21:33 --------- d-----w C:\Arquivos de programas\Alwil Software

    2008-01-30 21:29 --------- d-----w C:\Arquivos de programas\Realtek

    2008-01-30 21:25 315,392 ----a-w C:\WINDOWS\HideWin.exe

    2008-01-30 21:25 --------- d-----w C:\Arquivos de programas\S3

    2008-01-30 21:12 --------- d-----w C:\Arquivos de programas\microsoft frontpage

    2008-01-30 21:10 --------- d-----w C:\Arquivos de programas\Serviços on-line

    2008-01-30 21:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

    2008-01-10 15:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

    2008-01-10 15:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

    2007-12-24 15:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-13_13.33.12,56 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-03-15 17:30:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2008-01-14 13:18 346536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

    C:\Arquivos de programas\GbPlugin\gbiehabn.dll 2008-01-14 13:18 346536 C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

    --a------ 2007-02-28 22:06 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    --------- 2005-05-04 15:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    --a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

    C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    --a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    --a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    --a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    --a------ 2006-12-05 21:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    --------- 2006-11-23 14:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    --------- 2007-01-31 15:54 16116224 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

    --a------ 2006-07-11 08:33 176128 C:\WINDOWS\system32\S3Trayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    --------- 2006-05-17 15:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

    --a------ 2006-05-15 04:52 675840 C:\WINDOWS\vsnp2std.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    -rahs---- 2008-01-28 10:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2005-11-10 13:03 36975 C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

    --a------ 2007-08-02 21:08 95504 C:\Arquivos de programas\Arquivos comuns\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]

    --a------ 2006-07-20 02:04 118784 C:\Arquivos de programas\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    --a------ 2006-08-03 20:53 53248 C:\WINDOWS\system32\VTTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

    "C:\\Arquivos de programas\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\KAIZEN Games\\SecondLifeBrasil\\SLVoice.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2004-02-23 00:05]

    R2 PSI_SVC_2;Protexis Licensing V2;"c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 08:58]

    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2004-02-23 00:05]

    R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 16:43]

    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-06 23:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-15 23:57:22

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-03-15 23:57:57

    ComboFix-quarantined-files.txt 2008-03-16 02:57:42

    ComboFix2.txt 2008-03-15 17:46:26

    .

    2008-03-13 04:20:53 --- E O F ---

    ----------------------------------------------------------------------

    HIJACKTHIS LOG

    --------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 00:00:14, on 16/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    C:\WINDOWS\System32\alg.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Pcket killbox\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


    Do you use removable media such as USB flash drives or MP3/MP4 players?

    Run an Online Scan at Kaspersky Virusscanner

    • Click [image: Clipboard01-1.jpg]
    • When asked to install the ActiveX component, click [image: Clipboard015.jpg]
    • Wait for the installation and the update to finish, then click [image: Clipboard013.jpg]
    • Now click [image: Clipboard016.jpg]
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:

        Extended (if available otherwise Standard)

      • Scan Options:

        Scan Archives
        Scan Mail Bases

    • Click [image: Clipboard014.jpg]
    • Click My Computer so that a full scan of your system is performed.
    • The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button.
    • Save the log with the results and post it in your next reply.
    • Also generate and paste a new HijackThis log.

  • Topic author
  • Good morning Renato. Answering your question, yes, I do use a USB flash drive daily... I think I would need to run ComboFix on the other computer I use as well, wouldn't I? As for the last instructions, something did not go as planned: a file was lost and I could not even get into Windows in Safe Mode, so I had to format my PC yesterday because of this problem. Yesterday, while I was backing up my files on a friend's PC, it ended up getting infected by that Kavo too.... I don't know what else to do to get rid of this virus for good; I guess the only way is to live with it... Thanks, when I get home I will follow the last instructions you gave.


    The last instruction was an online scan with Kaspersky; I have never heard of that causing problems. Could you explain in more detail what happened? If it is a Kaspersky problem I will report it right away so it does not happen again, but I doubt that is the case.

