bruno21101

URGENT! Email-Worm.Win32.Brontok.c

Hello!

Please, guys, I need your help!

My pendrive caught a virus that multiplies on its own: it creates an .EXE inside every folder created on the pendrive, with the same name as the folder (for example ESTUDO.EXE). I disabled the antivirus so I could access the pendrive, and now it has infected my Windows. After I turned the antivirus back on it deleted and disinfected many files, but it could not disinfect 3 of them, which are files used by the system; the image below shows them.

[image: virus203.png]

Kaspersky sends me to this page:

http://www.viruslist.com/en/search?VN=Email-Worm.Win32.Brontok.q&referer=kav

and there is nothing there about how to fix it!

I will put the log below to make your lives easier!

PS: if there is a lot of stuff, sorry, I use the PC a lot!

Logfile of HijackThis v1.99.1
Scan saved at 00:05, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nutsrv4.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\NetLimiter\NetLimiter.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\rnamfler\naomf.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\rnamfler\naofsvc.exe
C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\arquivos de programas\rnamfler\radprcmp.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe
C:\WINDOWS\system32\vmnat.exe
C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bruno2110\Desktop\Download\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.255.255.255 trial.alcohol-soft.com
O1 - Hosts: 72.232.248.67 www.p2mbrasil.com
O1 - Hosts: 85.17.162.92 www.cpturbo.org
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.n
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Arquivos de programas\ReGet Deluxe 5.1 Beta\IEBar.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Arquivos de programas\rnamfler\naomf.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spyware Doctor] "F:\Programas\Programas Portables\Portable Spyware Doctor 4.0.0.2620\SpywareDoctor\swdoctor.exe" /Q
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Barra de Ferramentas do RF - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Personalizar Menu - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Preencher - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Salvar Formulários - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barra de Ferramentas do RF - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bruno2110\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156262813328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2DA23DE-F52E-421D-AF4D-A4A0519E636A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: softpub32 - C:\WINDOWS\SYSTEM32\softpub32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVP - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe
O23 - Service: IBExpertBackupRestore - Unknown owner - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe (file missing)
O23 - Service: IBExpertJobScheduler - Unknown owner - C:\Arquivos de programas\HK-Software\IBExpertJobScheduler\hkJS.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Arquivos de programas\PostgreSQL\8.2\data\ (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe
O23 - Service: Remote execution service (RemoteExec) - Unknown owner - C:\WINDOWS\vnc-remote-exec.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

I'm waiting!

Thanks in advance!

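The symptom described in the post (an .EXE with the same name as each folder, e.g. ESTUDO.EXE inside folder ESTUDO) can be turned into a check that is run against a mounted pendrive before any of its folders are opened. The script below is an added example, not code from the thread or from any antivirus vendor; it makes no assumption about a specific worm family, only about the naming trick, and the sample tree it builds is constructed for the demonstration.

```python
"""Flag executables that borrow a folder's name on a removable drive.

Added example, not code from the thread. It turns the symptom the poster
describes (an .EXE with the same name as each folder, e.g. ESTUDO.EXE inside
folder ESTUDO) into a check that can be run against a mounted pendrive. It
makes no assumption about a specific worm family: it only looks for the name
collision and confirms the file starts with the PE "MZ" magic, so a document
that merely carries an .exe extension without a real header is not reported.
"""
import os
import tempfile
from pathlib import Path

MZ = b"MZ"  # every Windows PE (EXE/DLL) starts with this DOS header magic


def is_pe(path: Path) -> bool:
    """True when the file begins with the MZ header of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == MZ
    except OSError:
        return False


def find_folder_mimics(root) -> list:
    """Return sorted (exe, folder) pairs where an .exe reuses a folder's name.

    Two placements are checked, because both styles exist:
      - inside the folder:  ESTUDO/ESTUDO.exe
      - beside the folder:  ESTUDO/ next to ESTUDO.exe in the same parent
    Names are compared case-insensitively, as FAT/NTFS do.
    """
    root = Path(root)
    hits = set()
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        by_lower = {f.lower(): f for f in filenames}
        if here != root:                       # ESTUDO/ESTUDO.exe
            inner = by_lower.get(here.name.lower() + ".exe")
            if inner and is_pe(here / inner):
                hits.add((str(here / inner), str(here)))
        for sub in dirnames:                   # ESTUDO/ beside ESTUDO.exe
            beside = by_lower.get(sub.lower() + ".exe")
            if beside and is_pe(here / beside):
                hits.add((str(here / beside), str(here / sub)))
    return sorted(hits)


def build_sample_drive() -> str:
    """Constructed sample tree standing in for an infected pendrive (not real data)."""
    root = Path(tempfile.mkdtemp(prefix="pendrive_"))
    fake_pe = MZ + b"\x00" * 62
    (root / "ESTUDO").mkdir()
    (root / "ESTUDO" / "ESTUDO.exe").write_bytes(fake_pe)      # mimic inside the folder
    (root / "ESTUDO" / "notas.txt").write_text("harmless")
    (root / "Fotos").mkdir()
    (root / "fotos.EXE").write_bytes(fake_pe)                   # mimic beside the folder
    (root / "Musica").mkdir()
    (root / "Musica" / "Musica.exe").write_text("not a PE")     # decoy: no MZ header
    (root / "setup.exe").write_bytes(fake_pe)                   # no folder of that name
    return str(root)


if __name__ == "__main__":
    for exe, folder in find_folder_mimics(build_sample_drive()):
        print(f"{exe}  mimics  {folder}")
```

Run it with the drive letter of the pendrive in place of the sample tree (for example `find_folder_mimics("E:\\")`) from a machine whose antivirus is still enabled; the script only reads the first two bytes of each candidate and never executes anything. A hit is a reason to delete the file from a clean host, not proof of a specific family.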

Good morning, bruno21101!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop renamed as: Kombo.exe

PS: Name it while saving, not after it has been saved!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

-----------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!

bruno21101 (thread author)

ComboFix REPORT:
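Before an updated HJT log is posted, a first triage pass over the log already in the thread can be automated. The script below is an added example, not code from the thread or from HijackThis: it parses the section code of each entry (O1 hosts, O4 autostarts, O20 Winlogon Notify, O23 services) and raises the flags an analyst checks first. The flags are triage signals, not verdicts, and `SYSTEM_DRIVE = "C:"` is an assumption taken from the paths in the posted log; the sample lines are a subset copied from that log so the script runs stand-alone.

```python
"""Triage pass over a HijackThis (HJT) log.

Added example; it is neither part of the thread nor part of HijackThis. It
reads the section code of each entry (O1 hosts, O4 autostarts, O20 Winlogon
Notify, O23 services) and emits the flags an analyst checks first. The flags
are triage signals, not verdicts: each hit still needs the file examined
(location, signer, hash). SYSTEM_DRIVE is an assumption taken from the paths
in the posted log.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

SYSTEM_DRIVE = "C:"  # assumption: the posted log shows Windows on C:

ENTRY = re.compile(r"^(?P<sec>O\d+|R\d)\s+-\s+(?P<body>.*)$")
SERVICE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
WINLOGON = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.+)$")
HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
BARE_EXE = re.compile(r'^"?[^\\/:"]+\.exe"?(\s|$)', re.I)  # no directory: found via PATH search
DRIVE = re.compile(r'^"?(?P<drive>[A-Za-z]:)\\')


def triage(log_text):
    """Return a list of Finding tuples for the entries worth a second look."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O23":                                   # services
            s = SERVICE.match(body)
            if not s:
                continue
            reasons = []
            if "(file missing)" in s["path"]:
                reasons.append("binary missing: orphaned or hidden service")
            if s["owner"] == "Unknown owner":
                reasons.append("no publisher in version info")
            if reasons:
                out.append(Finding(sec, s["name"], "; ".join(reasons)))
        elif sec == "O4":                                  # Run-key autostarts
            r = RUN.match(body)
            if not r:
                continue
            d = DRIVE.match(r["cmd"])
            if BARE_EXE.match(r["cmd"]):
                out.append(Finding(sec, r["name"], "bare filename, resolved through PATH search order"))
            elif d and d["drive"].upper() != SYSTEM_DRIVE:
                out.append(Finding(sec, r["name"], f"autostart from non-system drive {d['drive']}"))
        elif sec == "O20":                                 # Winlogon Notify DLLs
            w = WINLOGON.match(body)
            if w:
                out.append(Finding(sec, w["name"], "DLL loaded into winlogon.exe as SYSTEM; verify signer"))
        elif sec == "O1":                                  # hosts file
            h = HOSTS.match(body)
            if h and not h["ip"].startswith("127.") and h["ip"] not in ("0.0.0.0", "::1"):
                out.append(Finding(sec, h["host"], f"hosts entry redirects to {h['ip']}"))
    return out


# Sample lines copied from the log posted in the thread (a subset, for a stand-alone run).
SAMPLE_LOG = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 72.232.248.67 www.p2mbrasil.com
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [spyware Doctor] "F:\Programas\Programas Portables\Portable Spyware Doctor 4.0.0.2620\SpywareDoctor\swdoctor.exe" /Q
O20 - Winlogon Notify: softpub32 - C:\WINDOWS\SYSTEM32\softpub32.dll
O23 - Service: AVP - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe
O23 - Service: Remote execution service (RemoteExec) - Unknown owner - C:\WINDOWS\vnc-remote-exec.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item:<45} {f.reason}")
```

Feed it the whole log with `triage(open("hijackthis.log").read())`. Hosts entries pointing at 127.x or 0.0.0.0 are treated as blocks and skipped; anything else is a redirect worth resolving. A bare filename in a Run key and an autostart on a non-system drive are both places where an attacker controls which binary wins, so they come out even when the named program is legitimate.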

________________________________________________________

ComboFix 08-04-24.1 - Bruno2110 2008-04-25 22:42:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.203 [GMT -3:00]
Running from: C:\Documents and Settings\Bruno2110\Desktop\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

The following files were disabled during the run:
C:\Arquivos de programas\rnamfler\radprlib.dll
C:\Arquivos de programas\rnamfler\radhslib.dll

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bruno2110\Dados de aplicativos\inst.exe
C:\WINDOWS\system32\bpkwb.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\down
.

((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))
.
2008-04-24 09:07 . 2008-04-24 09:07 <DIR> d-------- C:\Documents and Settings\ProjetosNetBeans\ProjetoModelo
2008-04-23 23:30 . 2008-04-23 23:31 <DIR> d-------- C:\Documents and Settings\ProjetosNetBeans\MeuProjeto
2008-04-23 23:30 . 2008-04-24 09:07 <DIR> d-------- C:\Documents and Settings\ProjetosNetBeans
2008-04-23 22:55 . 2008-04-23 23:05 15,360 --a------ C:\Documents and SettingsBruno2110Meus documentosTechSellScripBanco(AutoIncrement).sql
2008-04-22 23:45 . 2008-04-22 23:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-22 23:44 . 2008-04-22 23:44 <DIR> d-------- C:\Documents and Settings\Bruno2110\Dados de aplicativos\Blumentals
2008-04-22 23:44 . 2008-04-22 23:44 <DIR> d-------- C:\Arquivos de programas\Rapid CSS 2007
2008-04-22 12:18 . 2008-04-22 12:21 <DIR> d-------- C:\Arquivos de programas\PHPRunner4.2
2008-04-22 12:02 . 2008-04-22 12:02 <DIR> d-------- C:\Arquivos de programas\ASP Report Maker 2
2008-04-22 11:58 . 2008-04-22 11:58 <DIR> d-------- C:\Arquivos de programas\PHPMaker 5
2008-04-22 11:55 . 2008-04-22 11:55 <DIR> d-------- C:\Arquivos de programas\ASPMaker 6
2008-04-22 11:54 . 2008-04-22 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\setup
2008-04-22 05:01 . 2008-04-22 05:01 <DIR> d-------- C:\Arquivos de programas\ASP.NET Maker 3
2008-04-22 05:01 . 2008-04-22 05:01 0 --a------ C:\WINDOWS\system32\UNWISE.INI
2008-04-22 04:43 . 2008-04-22 13:03 <DIR> d-------- C:\Arquivos de programas\PayPal Shop Maker 3
2008-04-22 04:43 . 2007-12-17 18:23 1,136,640 --a------ C:\Arquivos de programas\Arquivos comuns\ewutils2.dll
2008-04-22 04:37 . 2008-04-22 12:02 <DIR> d-------- C:\Arquivos de programas\Windows Script Control
2008-04-22 04:37 . 2008-04-22 04:37 <DIR> d-------- C:\Arquivos de programas\JSPMaker
2008-04-22 04:37 . 2008-04-22 12:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\e.World
2008-04-22 04:37 . 2002-07-26 17:02 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-04-22 04:06 . 2008-04-22 12:21 298 --a------ C:\WINDOWS\PHPRunner.INI
2008-04-22 03:58 . 2008-04-22 03:59 5,120 --a------ C:\Documents and SettingsBruno2110Meus documentosBruno v.r.aOrganizandoCursosCurso_Ajax_Imasters_by_spylinuxa.sql
2008-04-22 03:00 . 2008-04-22 03:00 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{A526BBD6-4321-4B38-BF34-B3C9B982DA32}
2008-04-21 22:03 . 2008-04-21 22:03 <DIR> d-------- C:\Arquivos de programas\LogoEase
2008-04-18 02:31 . 2008-04-18 02:33 <DIR> d-------- C:\Arquivos de programas\Restaurante
2008-04-18 02:31 . 1999-02-17 15:04 417,792 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-04-18 02:31 . 1998-04-07 12:53 386,048 --a------ C:\WINDOWS\system32\CTKLIB.OCX
2008-04-18 02:31 . 1997-07-19 13:15 166,160 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-04-18 02:31 . 1997-07-19 13:15 97,552 --a------ C:\WINDOWS\system32\MSCOMM32.OCX
2008-04-18 02:31 . 1996-12-04 20:15 77,824 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-04-18 02:31 . 1996-06-13 18:39 53,760 --a------ C:\WINDOWS\system32\ZLIBTOOL.OCX
2008-04-18 02:30 . 1997-01-15 20:15 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2008-04-17 11:35 . 2008-04-17 11:41 <DIR> d-------- C:\Documents and Settings\Bruno2110\TechSell
2008-04-15 14:21 . 2008-04-15 14:21 <DIR> d-------- C:\spoolerlogs
2008-04-14 22:33 . 2008-04-14 22:38 <DIR> d-------- C:\Arquivos de programas\Parental Filter
2008-04-14 22:17 . 2008-04-25 01:53 <DIR> dr-h----- C:\Arquivos de programas\rnamfler
2008-04-14 21:40 . 2005-02-20 17:59 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-04-14 21:40 . 2005-02-20 17:59 78,848 --a------ C:\WINDOWS\system32\MSBIND.DLL
2008-04-14 21:40 . 2005-02-20 17:59 34,304 --a------ C:\WINDOWS\system32\ntsvc.ocx
2008-04-10 09:20 . 2008-04-10 09:20 <DIR> d-------- C:\Documents and Settings\Bruno2110\Dados de aplicativos\Likno
2008-04-10 09:19 . 2008-04-24 23:37 <DIR> d-------- C:\Arquivos de programas\AllWebMenus5
2008-04-10 09:19 . 1998-06-17 23:00 49,152 --a------ C:\WINDOWS\system32\MSCDRUN.DLL
2008-04-10 09:15 . 2008-04-10 09:15 <DIR> d-------- C:\Documents and Settings\Bruno2110\Dados de aplicativos\Cover Expert
2008-04-09 20:36 . 2008-04-09 20:36 <DIR> d-------- C:\Documents and Settings\Bruno2110\Dados de aplicativos\PC Tools
2008-04-09 19:37 . 2008-04-09 19:37 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2008-04-09 19:37 . 2008-04-09 19:37 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-04-09 03:01 . 2008-04-09 03:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-06 20:21 . 2008-04-06 20:21 <DIR> d-------- C:\Documents and Settings\Bruno2110\EducNet
2008-04-03 01:06 . 2008-04-03 01:06 <DIR> d-------- C:\Arquivos de programas\Snort
2008-04-03 00:58 . 2007-09-17 13:07 513,536 --a------ C:\WINDOWS\system32\afskillproc.exe
2008-04-01 22:38 . 2008-04-01 22:38 <DIR> d-------- C:\Arquivos de programas\SpeedFan
2008-04-01 22:38 . 2008-04-01 22:38 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-03-30 23:19 . 2008-03-30 23:19 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-03-30 23:19 . 2008-03-30 23:19 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-03-30 23:19 . 2008-03-30 23:19 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-03-27 22:37 . 2008-03-27 22:37 <DIR> d-------- C:\GrabbedStuff
2008-03-27 22:37 . 2008-03-27 22:38 <DIR> d-------- C:\Arquivos de programas\GMT 2.50
2008-03-27 01:11 . 2008-03-27 01:13 1,254 --a------ C:\WINDOWS\vpd.properties
2008-03-27 01:10 . 2008-03-27 01:10 <DIR> d-------- C:\Arquivos de programas\IBM
2008-03-27 00:05 . 2008-03-27 00:05 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-03-26 23:59 . 2008-03-26 23:59 <DIR> d-------- C:\WINDOWS\DvzCommon
2008-03-26 23:59 . 2008-04-06 19:24 <DIR> d-------- C:\Arquivos de programas\Documents To Go
2008-03-26 23:58 . 2008-03-26 23:58 <DIR> d-------- C:\Documents and Settings\Bruno2110\Dados de aplicativos\Leadertech
2008-03-26 23:46 . 2008-03-27 01:18 <DIR> d-------- C:\Arquivos de programas\Palm
.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:48 46,760,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 01:48 1,722,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-26 00:49 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\Cribbage
2008-04-25 22:36 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\VMware
2008-04-25 22:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VMware
2008-04-25 03:41 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-04-25 02:51 --------- d-----w C:\Arquivos de programas\Kaspersky Lab
2008-04-25 02:47 --------- d-----w C:\Documents and Settings\NetworkService\Dados de aplicativos\VMware
2008-04-24 03:33 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\Skype
2008-04-24 03:24 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\skypePM
2008-04-24 02:34 620,252 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-24 02:34 162,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-24 01:51 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\Thinstall
2008-04-24 00:44 --------- d-----w C:\Arquivos de programas\FlashGet
2008-04-23 00:26 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\uTorrent
2008-04-22 16:40 --------- d-----w C:\Arquivos de programas\Scoop2004
2008-04-22 07:20 --------- d-----w C:\Arquivos de programas\DreMule
2008-04-20 20:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2008-04-18 16:35 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\DBDesigner4
2008-04-13 23:52 --------- d-----w C:\Arquivos de programas\Apache Software Foundation
2008-04-12 00:49 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-04-06 04:22 --------- d-----w C:\Arquivos de programas\Google Hacks
2008-04-05 20:11 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\BSplayer Pro
2008-04-03 02:57 --------- d-----w C:\Arquivos de programas\MegaCubo
2008-04-03 01:12 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2008-03-27 03:24 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\ArcSoft
2008-03-27 02:55 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-03-26 16:29 --------- d-----w C:\Documents and Settings\postgres.BRUNO.000\Dados de aplicativos\VMware
2008-03-26 00:14 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\VoipRaider
2008-03-25 00:43 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\SMSlisto
2008-03-24 04:47 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\Vso
2008-03-22 02:35 --------- d-----w C:\Arquivos de programas\Lacart
2008-03-22 02:32 --------- d-----w C:\Arquivos de programas\Lacart Light
2008-03-22 02:07 --------- d-----w C:\Arquivos de programas\OnBIT
2008-03-22 02:07 --------- d-----w C:\Arquivos de programas\Controle de Estoque
2008-03-21 20:10 --------- d-----w C:\Arquivos de programas\MoorHunt
2008-03-21 18:41 --------- d-----w C:\Arquivos de programas\Java
2008-03-20 19:43 --------- d-----w C:\Arquivos de programas\RocketDock
2008-03-20 19:43 --------- d-----w C:\Arquivos de programas\Google
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 02:13 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\MySQL
2008-03-19 02:26 20,480 ----a-w C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-03-11 15:04 --------- d-----w C:\Arquivos de programas\WebSite X5 Evolution
2008-03-11 12:06 --------- d-----w C:\Arquivos de programas\CoffeeCup Software
2008-03-03 01:57 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\Nitro PDF
2008-03-02 05:41 --------- d-----w C:\Arquivos de programas\vso
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 02:29 --------- d-----w C:\Documents and Settings\Bruno2110\Dados de aplicativos\JustVoip
2008-02-28 15:27 --------- d-----w C:\Arquivos de programas\netbeans-5.5.1
2008-02-28 00:50 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\VMware
2008-02-26 06:01 --------- d-----w C:\Arquivos de programas\MSXML 6.0
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-05 22:19 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat
2007-04-23 06:06 47,360 ----a-w C:\Documents and Settings\Bruno2110\Dados de aplicativos\pcouffin.sys
2007-01-25 17:00 18,872 ----a-w C:\Documents and Settings\Bruno2110\Dados de aplicativos\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Arquivos de programas\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"Spyware Doctor"="F:\Programas\Programas Portables\Portable Spyware Doctor 4.0.0.2620\SpywareDoctor\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]

    "nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 86016 C:\WINDOWS\system32\nvmctray.dll]

    "NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

    "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]

    "NetLimiter"="C:\Arquivos de programas\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]

    "kav"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]

    "LogonStudio"="C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

    "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    "wrna3ls"="C:\Arquivos de programas\rnamfler\naomf.exe" [2006-04-01 10:45 1253448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    C:\Documents and Settings\Bruno2110\Menu Iniciar\Programas\Inicializar\

    Gerenciador do HotSync.lnk - C:\Arquivos de programas\Palm\HOTSYNC.EXE [2003-07-29 21:22:16 299008]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 03:05:26 29696]

    DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 21:16:46 24576]

    Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableClock"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "LWA"= 0 (0x0)

    "LWB"= 0 (0x0)

    "LWC"= 0 (0x0)

    "LWD"= 0 (0x0)

    "LWE"= 0 (0x0)

    "LWF"= 0 (0x0)

    "LWG"= 0 (0x0)

    "LWH"= 0 (0x0)

    "LWI"= 0 (0x0)

    "LWJ"= 0 (0x0)

    "LWK"= 0 (0x0)

    "LWL"= 0 (0x0)

    "LWM"= 0 (0x0)

    "LWN"= 0 (0x0)

    "LWO"= 0 (0x0)

    "LWP"= 0 (0x0)

    "LWQ"= 0 (0x0)

    "LWR"= 0 (0x0)

    "LWS"= 0 (0x0)

    "LWT"= 0 (0x0)

    "LWU"= 0 (0x0)

    "LWV"= 0 (0x0)

    "LWW"= 0 (0x0)

    "LWX"= 0 (0x0)

    "LWY"= 0 (0x0)

    "LWZ"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    LMIinit.dll 2007-11-22 20:04 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\softpub32]

    softpub32.dll 2004-01-07 22:13 8192 C:\WINDOWS\system32\softpub32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.X264"= x264vfw.dll

    "VIDC.3iv2"= 3ivxVfWCodec.dll

    "VIDC.SP54"= SP5X_32.DLL

    "VIDC.SP55"= SP5X_32.DLL

    "VIDC.SP56"= SP5X_32.DLL

    "VIDC.SP57"= SP5X_32.DLL

    "VIDC.SP58"= SP5X_32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Firebird"=C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -a

    "GetTube Update"=C:\Arquivos de programas\GetTube\liveupdate.exe /m

    "NuTCSetupEnviron"=C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe

    "Vistadrv"=C:\Arquivos de programas\VistaDrives\vsdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

    "C:\\Arquivos de programas\\eMule\\eMule.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

    "C:\\Arquivos de programas\\Gizmo Project\\mDNSResponder.exe"=

    "C:\\Arquivos de programas\\Gizmo Project\\Gizmo.exe"=

    "C:\\Arquivos de programas\\XtenNetworksInc\\eyeBeam\\eyeBeam.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\uTorrent\\utorrent.exe"=

    "C:\\Arquivos de programas\\SopCast\\SopCast.exe"=

    "C:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

    "C:\\Documents and Settings\\Bruno2110\\Dados de aplicativos\\SopCast\\adv\\SopAdver.exe"=

    "C:\\Arquivos de programas\\Scoop2004\\mirc.exe"=

    "C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

    "C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

    "C:\\Documents and Settings\\Bruno2110\\Desktop\\Desktop\\NRPG RatioMaster.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

    "C:\\Arquivos de programas\\GizmoPlugin\\GizmoPlugin.exe"=

    "C:\\Arquivos de programas\\CallIT\\adphone\\ADPHONE.exe"=

    "C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

    "C:\\Arquivos de programas\\iPhox\\iPhox.exe"=

    "C:\\Arquivos de programas\\Joost\\xulrunner\\tvprunner.exe"=

    "C:\\Arquivos de programas\\CallIT\\adphone\\ADPHONETuner.exe"=

    "C:\\Arquivos de programas\\CounterPath\\X-Lite\\x-lite.exe"=

    "C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

    "C:\\Arquivos de programas\\Last.fm\\LastFM.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

    "C:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

    "C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

    "C:\\Arquivos de programas\\DreMule\\emule.exe"=

    "C:\\eclipse\\eclipse.exe"=

    "C:\\Arquivos de programas\\JustVoip.com\\JustVoip\\JustVoip.exe"=

    "C:\\Arquivos de programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Arquivos de programas\\HTV\\HTV.exe"=

    "C:\\Arquivos de programas\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=

    "C:\\Arquivos de programas\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=

    "C:\\Arquivos de programas\\MagicDraw UML\\jre\\bin\\javaw.exe"=

    "C:\\Arquivos de programas\\SMSlisto.com\\SMSlisto\\SMSlisto.exe"=

    "C:\\Arquivos de programas\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=

    "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=

    "C:\\Arquivos de programas\\Java\\jdk1.6.0_03\\jre\\bin\\java.exe"=

    "C:\\Arquivos de programas\\Java\\jdk1.6.0_03\\bin\\java.exe"=

    "C:\\Arquivos de programas\\Palm\\HOTSYNC.EXE"=

    "C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

    "C:\\Documents and Settings\\Bruno2110\\Meus documentos\\Bruno v.r.a\\Programas\\Programas Portables\\Programação\\phpDesigner 2008.exe"=

    "C:\\Documents and Settings\\Bruno2110\\Meus documentos\\Bruno v.r.a\\Programas\\eclipse\\eclipse\\eclipse.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "27015:TCP"= 27015:TCP:27015

    "27015:UDP"= 27015:UDP:27015 udp

    "1872:TCP"= 1872:TCP:messenger

    "5434:TCP"= 5434:TCP:messenger

    "6728:TCP"= 6728:TCP:messenger

    "1336:TCP"= 1336:TCP:messenger

    "6667:TCP"= 6667:TCP:messenger

    R2 Gizmo Plugin;Gizmo VoIP Service;"C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe" [2007-06-04 22:16]

    R2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-11-28 20:50]

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]

    R2 NuTCRACKERService;NuTCRACKERService;C:\WINDOWS\system32\nutsrv4.exe [2002-04-25 15:27]

    R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Arquivos de programas\PostgreSQL\8.2\data\" []

    R3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-11-28 20:50]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

    R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]

    R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]

    R3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 00:06]

    S2 Ca533av;WWL 401 Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []

    S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 17:13]

    S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 17:13]

    S3 IBExpertBackupRestore;IBExpertBackupRestore;C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe []

    S3 IBExpertJobScheduler;IBExpertJobScheduler;C:\Arquivos de programas\HK-Software\IBExpertJobScheduler\hkJS.exe []

    S3 mpr_freader;MPR FileReader Driver;C:\DOCUME~1\BRUNO2~1\CONFIG~1\Temp\RarSFX0\mpr_freader.sys []

    S3 msvad_simple;SoliCall;C:\WINDOWS\system32\drivers\solicall.sys [2006-06-10 15:19]

    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 14:31]

    S3 padenum;Enumerador de dispositivos de NTPAD;C:\WINDOWS\system32\DRIVERS\padenum.sys []

    S3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys []

    S3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys []

    S3 RemoteExec;Remote execution service;C:\WINDOWS\vnc-remote-exec.exe []

    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

    S3 SQLWriter;SQL Server VSS Writer;"c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]

    S3 Tomcat6;Apache Tomcat;"C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 []

    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

    S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;C:\WINDOWS\system32\drivers\ntpad.sys []

    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []

    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Arquivos de programas\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb91acf-e738-11dc-8880-005056c00008}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1afa226-320f-11db-a2f3-806d6172696f}]

    \Shell\AutoRun\command - F:\AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f32a6d81-f227-11dc-8892-005056c00008}]

    \Shell\AutoRun\command - fooool.exe

    \Shell\explore\Command - fooool.exe

    \Shell\open\Command - fooool.exe

    *Newly Created Service* - CATCHME

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-04-25 20:20:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Arquivos de programas\TuneUp Utilities 2006\SystemOptimizer.exe

    "2008-04-18 05:44:29 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

    - C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    "2007-09-01 05:02:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

    - C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-25 22:48:38

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    disk error: C:\WINDOWS\system32\drivers\

    disk error: C:\WINDOWS\system32\

    disk error: C:\DOCUME~1\BRUNO2~1\CONFIG~1\Temp\

    disk error: C:\WINDOWS\TEMP\

    disk error: C:\WINDOWS\

    disk error: C:\WINDOWS\system32\wbem\

    disk error: C:\Arquivos de programas\Arquivos comuns\

    disk error: C:\Documents and Settings\Bruno2110\Dados de aplicativos\

    disk error: C:\

    disk error: C:\Arquivos de programas\

    disk error: C:\WINDOWS\Fonts\

    disk error: C:\Documents and Settings\Bruno2110\Configurações locais\Dados de aplicativos\

    disk error: C:\WINDOWS\Downloaded Program Files\

    disk error: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    disk error: C:\Documents and Settings\Bruno2110\Menu Iniciar\Programas\Inicializar\

    Varredura completada com sucesso

    Ficheiros ocultos:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]

    "ImagePath"="\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\my.ini\" MySQL"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSSdk21]

    "ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe

    -> C:\Arquivos de programas\rnamfler\radprlib.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe

    -> C:\Arquivos de programas\NetLimiter\nl_lsp.dll

    -> C:\WINDOWS\system32\nl_msgc.dll

    -> C:\Arquivos de programas\rnamfler\radprlib.dll

    PROCESS: C:\WINDOWS\system32\csrss.exe

    -> C:\Arquivos de programas\rnamfler\radprlib.dll

    .

    Tempo para conclusão: 2008-04-25 22:54:00

    ComboFix-quarantined-files.txt 2008-04-26 01:53:55

    Pre-Run: 2,438,914,048 bytes disponíveis

    Post-Run: 2,484,944,896 bytes disponíveis

    376 --- E O F --- 2008-04-12 06:11:01

    File hijackthis.txt

    ______________________________________

    Logfile of HijackThis v1.99.1

    Scan saved at 22:59:53, on 25/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

    C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

    C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

    C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

    c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\WINDOWS\system32\nutsrv4.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\oodag.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe

    C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

    C:\Arquivos de programas\NetLimiter\NetLimiter.exe

    C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

    C:\Arquivos de programas\rnamfler\naomf.exe

    C:\Arquivos de programas\RocketDock\RocketDock.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\rnamfler\naofsvc.exe

    C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

    c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

    C:\WINDOWS\DvzCommon\DvzMsgr.exe

    c:\arquivos de programas\rnamfler\radprcmp.exe

    C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

    C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

    C:\WINDOWS\system32\vmnat.exe

    C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

    C:\Arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

    C:\WINDOWS\system32\vmnetdhcp.exe

    C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Documents and Settings\Bruno2110\Desktop\Download\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

    O1 - Hosts: 127.255.255.255 trial.alcohol-soft.com

    O1 - Hosts: 72.232.248.67 www.p2mbrasil.com

    O1 - Hosts: 85.17.162.92 www.cpturbo.org

    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.n

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll

    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

    O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)

    O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Arquivos de programas\ReGet Deluxe 5.1 Beta\IEBar.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

    O4 - HKLM\..\Run: [NetLimiter] C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s

    O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [wrna3ls] C:\Arquivos de programas\rnamfler\naomf.exe

    O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [spyware Doctor] "F:\Programas\Programas Portables\Portable Spyware Doctor 4.0.0.2620\SpywareDoctor\swdoctor.exe" /Q

    O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: Barra de Ferramentas do RF - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Personalizar Menu - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    O8 - Extra context menu item: Preencher - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O8 - Extra context menu item: Salvar Formulários - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll

    O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Arquivos de programas\iMacros\imacros.dll

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

    O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra 'Tools' menuitem: Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra 'Tools' menuitem: Barra de Ferramentas do RF - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bruno2110\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156262813328

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2DA23DE-F52E-421D-AF4D-A4A0519E636A}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

    O20 - Winlogon Notify: softpub32 - C:\WINDOWS\SYSTEM32\softpub32.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVP - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe

    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

    O23 - Service: IBExpertBackupRestore - Unknown owner - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe (file missing)

    O23 - Service: IBExpertJobScheduler - Unknown owner - C:\Arquivos de programas\HK-Software\IBExpertJobScheduler\hkJS.exe (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

    O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Arquivos de programas\PostgreSQL\8.2\data\ (file missing)

    O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe

    O23 - Service: Remote execution service (RemoteExec) - Unknown owner - C:\WINDOWS\vnc-remote-exec.exe (file missing)

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 (file missing)

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)

    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    Thanks for the help. Did this solve it, or do I still have a virus?

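As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage helper for the O23 (Windows service) section of a HijackThis log like the one posted above. The sample lines are copied from that log; the flags it attaches (orphaned entry, no company information, executable in an unusual folder) are my own conservative triage heuristics and are hints for the person reading the log, not a verdict.

```python
"""Triage helper for the O23 (service) lines of a HijackThis log.

Added example for the thread above; not part of HijackThis or ComboFix.
Each O23 line has the shape

    O23 - Service: <display name> (<short name>) - <company> - <image path> [args] [(file missing)]

The parser splits that shape apart and attaches a few review hints.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# Display name optionally followed by the short service name in parentheses.
_NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
# HijackThis strips the opening quote of a quoted image path, so a stray
# closing quote may follow the executable; everything after it is arguments.
_IMAGE_RE = re.compile(r'^(?P<image>.*?\.exe)"?\s*(?P<args>.*)$', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVP - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe
O23 - Service: Remote execution service (RemoteExec) - Unknown owner - C:\WINDOWS\vnc-remote-exec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
"""


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    image: str
    args: str
    file_missing: bool
    flags: Set[str] = field(default_factory=set)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; returns None for anything that is not an O23 entry."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)]
    # Split from the right: the display name itself may contain " - "
    # (see the Firebird entries); the company and the path normally do not.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    m = _NAME_RE.match(name)  # always matches: display may absorb the whole name
    img = _IMAGE_RE.match(path)
    image, args = (img.group("image"), img.group("args")) if img else (path, "")
    return ServiceEntry(m.group("display"), m.group("short"), owner,
                        image, args.strip(), file_missing)


def add_flags(e: ServiceEntry) -> ServiceEntry:
    """Attach triage hints (heuristics of this example, not HijackThis output)."""
    if e.file_missing:
        e.flags.add("file missing")        # registration left behind, binary gone
    if e.owner.lower() == "unknown owner":
        e.flags.add("unknown owner")       # image carries no company/version info
    folder = e.image.replace("/", "\\").rpartition("\\")[0].lower()
    if re.fullmatch(r"[a-z]:", folder):
        e.flags.add("root-level image")    # executable sits directly under the drive root
    elif re.fullmatch(r"[a-z]:\\windows", folder):
        e.flags.add("windows-root image")  # in %WINDIR% itself rather than system32
    return e


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every O23 line in a log and attach flags to each entry."""
    entries = []
    for line in log_text.splitlines():
        e = parse_o23(line)
        if e is not None:
            entries.append(add_flags(e))
    return entries


def suspicious(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_LOG)):
        print(f"{e.display:30} {e.owner:16} {e.image}  -> {sorted(e.flags)}")
```

On the sample above the script singles out MySQL (binary missing, no owner, image directly under C:\), RdnaoFlSvc (no owner), RemoteExec (missing, no owner, image in the Windows folder itself) and wampapache (missing); the Kaspersky, Firebird and NVIDIA services carry no flags. A flagged entry still needs a human look: a leftover from an uninstalled product and a malicious service produce the same "(file missing)" line.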

    Good morning, bruno21101!

    >@< Download HostsXpert.

    >@< Save it to the Desktop!

    >@< Unzip it and run it (HostsXpert.exe).

    >@< Close all windows and the browser!

    >@< Click Restore Microsoft's Hosts file >> Ok.

    >@< Exit the program!

    >@< Restart the computer!

    ---------------------

    Before running this procedure, plug your removable drive(s) into the USB port.

    <!> Delete:

    C:\QooBox

    C:\ComboFix.txt << Previous ComboFix log.

    ---------------------

    >@< Select and copy everything in the code area into Notepad.

    >@< Save it on the Desktop with the name: CFScript.txt

    File::
    F:\AUTORUN.EXE
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb91acf-e738-11dc-8880-005056c00008}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1afa226-320f-11db-a2f3-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f32a6d81-f227-11dc-8892-005056c00008}]

    >@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

    >@< See the demonstration!

    cpiadecfscriptxt7.gif

    >@< With this procedure, ComboFix will run and restart the computer automatically!

    >@< If it does not restart, do it manually!

    >@< While it is running, do not use the keyboard or mouse!

    >@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

    Cheers!
