powerrafa

Kavo.exe, tavo.exe and the like


Hey, my PC is still acting strange even after formatting: I can't see hidden files (I change the setting there, but it reverts by itself), every time I start the PC it shows some "Tavo.exe could not read [something] in memory" error, and the antivirus doesn't seem to work.

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 11:55:13, on 19/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\ESET\nod32kui.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreMule\emule.exe -AutoStart

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211037639281

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

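Added example (not from the thread, and not HijackThis code): a small Python triage script that parses the O4 Run lines of the log above and flags the kavo.exe/tavo.exe pattern, a per-user (HKCU) autostart launching an unknown binary dropped straight into system32. The allowlist of known system32 autostarts is an illustrative, constructed assumption, not an authoritative list.

```python
"""Triage HijackThis O4 (autostart) lines for the kavo/tavo pattern seen in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a few O4 lines copied from the first HijackThis log in the thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
"""

# Registry Run entries look like: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Illustrative allowlist (constructed, not exhaustive): Windows binaries that legitimately
# autostart from system32 under a per-user Run key on XP.
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe", "rundll32.exe"}


@dataclass
class RunEntry:
    hive: str   # HKLM (machine-wide) or HKCU (current user)
    name: str   # registry value name shown in [brackets]
    cmd: str    # full command line as logged
    exe: str    # first token: the program that actually runs


def first_token(cmd: str) -> str:
    """Return the executable part of a command line, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_o4_run_lines(text: str) -> list[RunEntry]:
    """Parse registry Run entries; Global Startup (.lnk) lines are ignored here."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"], first_token(m["cmd"])))
    return entries


def triage(entry: RunEntry) -> str | None:
    """Return a reason when an entry matches the kavo/tavo pattern, else None.

    Pattern: a per-user (HKCU) autostart that launches an executable sitting
    directly in %SystemRoot%\\system32 and that is not a known Windows autostart.
    """
    exe = PureWindowsPath(entry.exe)
    in_system32 = str(exe.parent).lower().endswith("\\system32")
    if entry.hive == "HKCU" and in_system32 and exe.name.lower() not in KNOWN_SYSTEM32_AUTOSTARTS:
        return f"per-user autostart of unknown binary in system32: {entry.exe}"
    return None


def suspicious_autostarts(text: str) -> list[tuple[str, str]]:
    """Return (value name, reason) for every flagged O4 entry in a HijackThis log."""
    return [(e.name, r) for e in parse_o4_run_lines(text) if (r := triage(e))]


if __name__ == "__main__":
    for name, reason in suspicious_autostarts(SAMPLE_O4_LINES):
        print(f"[{name}] {reason}")
```

On the sample above only the [kava] and [tava] entries are flagged; ctfmon.exe under HKCU and the HKLM entries pass.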

Hey, I just ran a Kaspersky online scan; it found some viruses, but I can't delete them (they're hidden, and the hidden-files option isn't changing here). Worm.Win32.AutoRun.duc / Trojan-PSW.Win32.OnLineGames.aikb


After poking around a bit I managed to show the hidden files (I ran ComboFix).

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 18:06:16, on 19/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreMule\emule.exe -AutoStart

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211037639281

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

combofix: ComboFix 08-05-19.1 - Rafael 2008-05-19 17:52:50.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1294 [GMT -3:00]

Executando de: C:\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo1.dll

C:\WINDOWS\system32\tavo0.dll

C:\WINDOWS\system32\tavo1.dll

D:\Autorun.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))

.

2008-05-19 17:36 . 2008-05-19 17:36 <DIR> d-------- C:\!KillBox

2008-05-19 16:41 . 2008-05-19 16:41 <DIR> d-------- C:\Arquivos de programas\2K Games

2008-05-19 16:00 . 2008-05-19 16:20 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-05-19 16:00 . 2008-05-19 16:20 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-05-19 15:15 . 2008-05-19 15:15 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-05-19 15:15 . 2008-05-19 17:54 1,881,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-19 15:15 . 2008-05-19 16:55 13,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-19 15:15 . 2008-05-19 16:55 5,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-19 15:15 . 2008-05-19 16:55 2,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-19 13:14 . 2008-05-19 13:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-05-19 13:14 . 2008-05-19 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-05-18 21:55 . 2008-05-18 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Codemasters

2008-05-18 21:54 . 2008-05-18 21:54 <DIR> d-------- C:\Arquivos de programas\OpenAL

2008-05-18 21:50 . 2008-05-18 21:50 <DIR> d-------- C:\Arquivos de programas\Codemasters

2008-05-18 12:49 . 2008-05-19 17:52 <DIR> d-------- C:\Documents and Settings\Rafael\Dados de aplicativos\Orbit

2008-05-18 11:47 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-05-18 11:47 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-05-18 11:41 . 2008-05-18 12:41 <DIR> d-------- C:\Arquivos de programas\Lineage II

2008-05-18 11:40 . 2008-05-18 11:40 <DIR> d-------- C:\Documents and Settings\Rafael\Dados de aplicativos\InstallShield

2008-05-17 22:38 . 2008-05-19 17:51 <DIR> d-------- C:\Downloads

2008-05-17 22:38 . 2008-05-17 22:38 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\Documents and Settings\Rafael\Dados de aplicativos\DivX

2008-05-17 21:52 . 2008-05-17 21:53 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-17 20:34 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-05-17 20:33 . 2008-05-17 20:33 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-05-17 20:30 . 2008-05-17 20:32 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-05-17 20:29 . 2008-05-17 20:29 <DIR> dr-h----- C:\MSOCache

2008-05-17 20:29 . 2008-05-17 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-05-17 20:27 . 2006-11-08 15:51 143,360 --a------ C:\WINDOWS\system32\ImageDrive.cpl

2008-05-17 19:15 . 2008-05-17 20:26 <DIR> d-------- C:\Documents and Settings\Sadi\.smplayer

2008-05-17 18:21 . 2008-05-17 21:53 <DIR> d-------- C:\Documents and Settings\Rafael\Dados de aplicativos\Ahead

2008-05-17 15:08 . 2008-05-19 17:10 <DIR> d-------- C:\Documents and Settings\Rafael\Dados de aplicativos\teamspeak2

2008-05-17 15:08 . 2008-05-17 15:08 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-05-17 15:08 . 2008-05-17 15:08 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-05-17 14:19 . 2008-05-17 14:19 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG

2008-05-17 14:16 . 2008-05-17 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-05-17 14:16 . 2008-05-17 14:16 <DIR> d-------- C:\Arquivos de programas\Nero

2008-05-17 14:16 . 2008-05-17 14:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-17 14:13 . 2008-05-17 14:13 <DIR> d-------- C:\Arquivos de programas\SlySoft

2008-05-17 13:52 . 2008-05-17 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-05-17 13:52 . 2008-05-17 13:52 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-05-17 13:39 . 2008-05-18 14:03 <DIR> d-------- C:\Documents and Settings\Rafael\Contacts

2008-05-17 13:39 . 2008-05-17 13:39 268 --ah----- C:\sqmdata00.sqm

2008-05-17 13:39 . 2008-05-17 13:39 244 --ah----- C:\sqmnoopt00.sqm

2008-05-17 13:31 . 2008-05-19 17:15 <DIR> d-------- C:\Arquivos de programas\CABAL Online (BRAZIL)

2008-05-17 13:29 . 2008-05-17 11:42 <DIR> d--h----- C:\Documents and Settings\Rafael\Modelos

2008-05-17 13:29 . 2008-05-19 17:45 <DIR> dr------- C:\Documents and Settings\Rafael\Meus documentos

2008-05-17 13:29 . 2008-05-17 08:37 <DIR> dr------- C:\Documents and Settings\Rafael\Menu Iniciar

2008-05-17 13:29 . 2008-05-17 13:29 <DIR> dr------- C:\Documents and Settings\Rafael\Favoritos

2008-05-17 13:29 . 2008-05-18 12:49 <DIR> dr-h----- C:\Documents and Settings\Rafael\Dados de aplicativos

2008-05-17 13:29 . 2008-05-19 17:54 <DIR> d--h----- C:\Documents and Settings\Rafael\Configurações locais

2008-05-17 13:29 . 2008-05-18 18:59 <DIR> d--h----- C:\Documents and Settings\Rafael\Ambiente de rede

2008-05-17 13:29 . 2008-05-17 08:37 <DIR> d--h----- C:\Documents and Settings\Rafael\Ambiente de impressão

2008-05-17 13:29 . 2008-05-18 21:38 <DIR> d-------- C:\Documents and Settings\Rafael

2008-05-17 13:29 . 2008-05-19 17:59 163,840 --ah----- C:\Documents and Settings\Rafael\ntuser.dat.LOG

2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-17 12:53 . 2008-05-17 19:20 <DIR> d-------- C:\Documents and Settings\Sadi\Contacts

2008-05-17 12:25 . 2008-05-17 12:25 <DIR> d-------- C:\Arquivos de programas\SMPlayer

2008-05-17 12:23 . 2008-05-17 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-05-17 12:23 . 2008-05-17 12:52 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-05-17 12:23 . 2008-05-17 12:36 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-17 12:22 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-17 12:22 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-17 12:22 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-17 12:22 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-17 12:22 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-17 12:05 . 2008-05-17 12:05 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-05-17 12:05 . 2008-05-17 12:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-05-17 12:05 . 2008-05-17 12:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-05-17 12:02 . 2008-05-17 12:02 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-05-17 12:02 . 2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-05-17 12:01 . 2008-05-19 16:56 <DIR> d-------- C:\Arquivos de programas\DreMule

2008-05-17 12:01 . 2008-05-17 12:01 <DIR> d-------- C:\Arquivos de programas\AMD

2008-05-17 12:01 . 2006-11-01 14:42 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys

2008-05-17 12:00 . 2008-05-17 12:00 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-05-17 12:00 . 2008-05-17 12:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 19:53 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-05-19 19:41 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-19 19:03 --------- d-----w C:\Arquivos de programas\ESET

2008-05-19 00:54 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-05-19 00:54 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-05-19 00:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-05-17 14:58 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-05-17 14:52 --------- d-----w C:\Arquivos de programas\Realtek

2008-05-17 14:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-05-17 14:46 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-17 14:44 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-17 14:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-04-28 15:29 805,400 ----a-r C:\WINDOWS\system32\tmp5BC.tmp

2008-04-28 15:29 805,400 ----a-r C:\WINDOWS\system32\tmp5BB.tmp

2008-03-05 19:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 19:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 19:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 18:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 18:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]

"eMuleAutoStart"="C:\Arquivos de programas\DreMule\emule.exe" [2008-02-17 20:17 6992896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"amd_dc_opt"="C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]

"CloneCDTray"="C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 10:47 57344]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-17 22:38:12 1265664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\Codemasters\\GRID Demo\\GRID.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 17:59:22

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-05-19 18:00:14

ComboFix-quarantined-files.txt 2008-05-19 21:00:12

Pre-Run: 27,905,695,744 bytes disponíveis

Post-Run: 28,101,160,960 bytes disponíveis

178

Is it clean?

Guest

Good morning, powerrafa!

>@< Download PenClean.

<!> Alternative link: < PenClean >

>@< Save it to the Desktop!

>@< Plug your removable drives into the USB port (pendrive, mp3, mp4, etc...)

>@< Run the utility in Safe Mode and select the option: Check the computer (Verificar o computador)

>@< Click the Check (Verificar) button. Wait!

>@< If necessary, accept the prompt to restart the computer.

>@< Click Yes!

>@< PS: Do not remove those drives yet!

-----------------------

>@< Post the PenClean report in your reply; it will be at: C:\PenClean\PenClean.txt

Cheers!

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
