PC with a virus: how to remove it
#1
Senior Member
Joined: Feb 2008
Posts: 301
Reputation: 9
Guys, when I turn on my PC a window keeps popping up all the time, and when I try to close it, it won't close. It's certainly got a virus. How do I remove it? Please.
#2
GeeK
Joined: Jan 2008
Location: Warsaw
Posts: 2,069
Reputation: 462
What error message does it keep showing?
What's your antivirus?
#3
Senior Member
Joined: Feb 2008
Posts: 301
Reputation: 9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:59, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\juschedit.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msoobe32.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\dchcp.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\netmeet.exe
C:\Documents and Settings\Alien\Menu Iniciar\Programas\Inicializar\svchosf.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gratis.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\system32\browsewan.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Persistence ! System] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\juschedit.exe
O4 - HKLM\..\Run: [avast ! System] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\netmeet.exe
O4 - HKLM\..\Run: [Gbp Service] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\dchcp.exe
O4 - HKLM\..\Run: [msnmsgrs] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msoobe32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nod32kab] C:\Documents and Settings\Alien\Menu Iniciar\Programas\Inicializar\svchosf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Embedded Web Browser from: http://bsalsa.com/; InfoPath.1)" -"http://www.miniclip.com/games/max-speed/pt/content_iframe.php"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BnDkHelp.exe
O4 - Startup: dchcp.exe
O4 - Startup: juschedit.exe
O4 - Startup: msoobe32.exe
O4 - Startup: netmeet.exe
O4 - Startup: spoolsvr32.exe
O4 - Startup: svchosf.exe
O4 - Global Startup: BnDkHelp.exe
O4 - Global Startup: dchcp.exe
O4 - Global Startup: juschedit.exe
O4 - Global Startup: msoobe32.exe
O4 - Global Startup: netmeet.exe
O4 - Global Startup: spoolsvr32.exe
O4 - Global Startup: svchosf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CS2\Services\Tcpip\..\{2DAE46F5-5DA8-4A23-A951-D8BEF8B4F0BF}: NameServer = 192.168.0.1
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Arquivos de programas\Norton GoBack\GBPoll.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://static1.orkut.com/js/gen/common060.js

--
End of file - 8459 bytes

So how do you tell from this program whether there's a virus?
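An added example, not part of the original thread, that makes the "your PC is infected" reading of a HijackThis log mechanical: a small Python triage of the O4 (autostart) lines. It flags three things that are visible in the log above: a bare executable launched from the Startup folder ("Menu Iniciar\Programas\Inicializar" is the Portuguese XP Startup folder, which normally holds shortcuts rather than .exe files), a file name within two edits of a real Windows binary (svchosf.exe next to svchost.exe, spoolsvr32.exe next to spoolsv.exe, juschedit.exe next to jusched.exe), and a Run value named after a security product (avast, nod32) whose target does not live in that product's directory. The sample input is a constructed excerpt of the posted log; the list of legitimate binary names and the vendor keyword list are assumptions of this example, not HijackThis data.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the O4 (autostart) lines from the HijackThis log posted above.
# "Menu Iniciar\Programas\Inicializar" is the Portuguese XP Startup folder.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Persistence ! System] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\juschedit.exe
O4 - HKLM\..\Run: [avast ! System] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\netmeet.exe
O4 - HKLM\..\Run: [nod32kab] C:\Documents and Settings\Alien\Menu Iniciar\Programas\Inicializar\svchosf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: spoolsvr32.exe
O4 - Global Startup: msoobe32.exe
O4 - Global Startup: dchcp.exe
"""

# Assumed reference data (not from HijackThis): real Windows binaries that malware imitates,
# Startup-folder fragments (pt-BR and en-US), and vendor keywords a Run value may borrow.
LEGIT_NAMES = {"svchost.exe", "spoolsv.exe", "msoobe.exe", "jusched.exe", "lsass.exe",
               "csrss.exe", "winlogon.exe", "explorer.exe", "ctfmon.exe", "services.exe"}
STARTUP_DIRS = ("\\inicializar\\", "\\startup\\")
SECURITY_VENDORS = ("avast", "nod32", "eset", "norton", "symantec", "kaspersky", "avg")

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.+)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character imitations of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(exe: str) -> str:
    """Lower-case and drop a '32'/'64' suffix, so msoobe32.exe compares as msoobe.exe."""
    return re.sub(r"(32|64)\.exe$", ".exe", exe.lower())


@dataclass
class Finding:
    exe: str                  # file name as it appears in the log
    line: str                 # the O4 line that produced it
    reasons: list = field(default_factory=list)


def analyze_o4(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        where, name, target = m.group("where"), m.group("name") or "", m.group("target")
        pm = EXE_RE.match(target)
        if not pm:            # rundll32 ...,Entry and other non-.exe targets are out of scope here
            continue
        path = pm.group(1)
        exe = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        # Rule 1: an .exe sitting in the Startup folder itself (it normally holds shortcuts).
        if where in ("Startup", "Global Startup") or any(d in path.lower() for d in STARTUP_DIRS):
            reasons.append("startup-folder-exe")
        # Rule 2: exact system-binary name outside \Windows, or a near-miss spelling anywhere.
        norm = normalize(exe)
        if norm in LEGIT_NAMES:
            if "\\windows\\" not in path.lower():
                reasons.append(f"system-name-outside-windows:{norm}")
        else:
            close = sorted(n for n in LEGIT_NAMES if levenshtein(norm, n) <= 2)
            if close:
                reasons.append("lookalike:" + ",".join(close))
        # Rule 3: the value name borrows a security vendor's name but the target is elsewhere.
        vendors = [v for v in SECURITY_VENDORS if v in name.lower()]
        if vendors and not any(v in path.lower() for v in vendors):
            reasons.append("vendor-name-mismatch:" + ",".join(vendors))
        if reasons:
            findings.append(Finding(exe, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_o4(SAMPLE_LOG):
        print(f"{f.exe:16} {', '.join(f.reasons)}")
```

Run against the excerpt it reports juschedit.exe, netmeet.exe, svchosf.exe, spoolsvr32.exe, msoobe32.exe and dchcp.exe, and stays quiet on RTHDCPL.EXE, egui.exe and ctfmon.exe. The edit-distance rule is deliberately tight (two edits after stripping a 32/64 suffix); a looser threshold starts matching short legitimate names, so widen the legitimate-name list rather than the threshold.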
#4
GeeK
Joined: Jan 2008
Location: Warsaw
Posts: 2,069
Reputation: 462
Your PC really is infected.
#5
Senior Member
Joined: Feb 2008
Posts: 301
Reputation: 9
ComboFix 10-02-01.02 - Alien 01/02/2010 20:01:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.744 [GMT -2:00]
Running from: c:\documents and settings\Alien\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\FunWebProducts
c:\arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\arquivos de programas\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\arquivos de programas\MyWebSearch
c:\arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\arquivos de programas\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\arquivos de programas\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2CB9B
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2D0FA
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2DE29.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2DFFE.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2E126.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B2E27E.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B32861.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B329A9.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B32AF1.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B32C49.bin
c:\arquivos de programas\MyWebSearch\bar\Cache\00B32D72
c:\arquivos de programas\MyWebSearch\bar\Cache\files.ini
c:\arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S
c:\arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S
c:\arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S
c:\arquivos de programas\MyWebSearch\bar\History\search3
c:\arquivos de programas\MyWebSearch\bar\icons\CM.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\MFC.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\PSS.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\WB.ICO
c:\arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO
c:\arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S
c:\arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm
c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat
c:\documents and settings\Alien\Dados de aplicativos\.#
c:\documents and settings\Alien\Dados de aplicativos\.#\MBX@428@9A3240.###
c:\documents and settings\Alien\Dados de aplicativos\.#\MBX@A88@86E3510.###
c:\documents and settings\Alien\Dados de aplicativos\Desktopicon
c:\documents and settings\Alien\Dados de aplicativos\Desktopicon\mc.ico
c:\documents and settings\Alien\InstallShield Installation Information
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\Atalho (2) para {A5BA14E0-7384-5991B8648CBE70A4}.lnk
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\Atalho (3) para {A5BA14E0-7384-5991B8648CBE70A4}.lnk
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\Atalho (4) para {A5BA14E0-7384-5991B8648CBE70A4}.lnk
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\Atalho para {A5BA14E0-7384-5991B8648CBE70A4}.lnk
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe
c:\documents and settings\Alien\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\dchcp.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\juschedit.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\msoobe32.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\netmeet.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\spoolsvr32.exe
c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\svchosf.exe
c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini
c:\documents and settings\All Users\Dados de aplicativos\Explorer.exe
c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\dchcp.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\juschedit.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msoobe32.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\netmeet.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\spoolsvr32.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\svchosf.exe
c:\windows\system32\browsewan.dll
c:\windows\system32\owner.exe
c:\windows\system32\Prefetchxs
c:\windows\system32\Prefetchxs\_julinhaA_bonequinha@19hotmail.com
c:\windows\system32\Prefetchxs\acmccs9@yahoo.com.br
c:\windows\system32\Prefetchxs\andreambruster@yahoo.com.br
c:\windows\system32\Prefetchxs\aninha_p9@hotmail.com
c:\windows\system32\Prefetchxs\aredio.alvez@hotmail.com
c:\windows\system32\Prefetchxs\bervalbani@yahoo.com.br
c:\windows\system32\Prefetchxs\betao_14@bol.com.br
c:\windows\system32\Prefetchxs\bruninha_._fofucha@hotmail.com
c:\windows\system32\Prefetchxs\bu.capo.@hotmail.com
c:\windows\system32\Prefetchxs\carlos_3baiano@hotmail.com.br
c:\windows\system32\Prefetchxs\chapada_@hotmail.com
c:\windows\system32\Prefetchxs\crist_3r@hotmail.com
c:\windows\system32\Prefetchxs\dannyporf@hotmail.com
c:\windows\system32\Prefetchxs\deives.santos18@yahoo.com.br
c:\windows\system32\Prefetchxs\dgsilva979
c:\windows\system32\Prefetchxs\eduardoschmidt77@yahoo.com.br
c:\windows\system32\Prefetchxs\fedelhaa
c:\windows\system32\Prefetchxs\guga.ruan100%gostozao@hotmail.com
c:\windows\system32\Prefetchxs\haline_cristina_@hotmail.com
c:\windows\system32\Prefetchxs\jaquelinebo@hotmail.com
c:\windows\system32\Prefetchxs\jho_lari@yahoo.com
c:\windows\system32\Prefetchxs\jhon_vidaloca@hotmail.com
c:\windows\system32\Prefetchxs\kainhux@hotmail.com
c:\windows\system32\Prefetchxs\karina_vidaloka5@hotmail.com
c:\windows\system32\Prefetchxs\kayck_666_@hotmail.com
c:\windows\system32\Prefetchxs\leninhu@gmail.com
c:\windows\system32\Prefetchxs\lindinhaa_fofa_@hotmail.com
c:\windows\system32\Prefetchxs\lu_33@yahoo.com
c:\windows\system32\Prefetchxs\lukinha_sonny@hotmail.com
c:\windows\system32\Prefetchxs\marcelinhoxt@hotmail.com
c:\windows\system32\Prefetchxs\mateusacm@hotmail.com
c:\windows\system32\Prefetchxs\maykenn.fogatti@hotmail.com
c:\windows\system32\Prefetchxs\mayra_gabriela14@yahoo.com.br
c:\windows\system32\Prefetchxs\mc_ativa@hotmail.com
c:\windows\system32\Prefetchxs\mercio_nossosonho@hotmail.com
c:\windows\system32\Prefetchxs\milica8@hotmail.com
c:\windows\system32\Prefetchxs\planomil@yahoo.com.br
c:\windows\system32\Prefetchxs\quequellegiao@hotmail.com
c:\windows\system32\Prefetchxs\rafael_patu_@hotmail.com
c:\windows\system32\Prefetchxs\renan123_n@hotmail.com
c:\windows\system32\Prefetchxs\ro43_curtocs@hotmail.com
c:\windows\system32\Prefetchxs\ronei_felipe@ig.com.br
c:\windows\system32\Prefetchxs\ry_badboy@hotmail.com
c:\windows\system32\Prefetchxs\sf_tavares@hotmail.com
c:\windows\system32\Prefetchxs\silas_0011@hotmail.com
c:\windows\system32\Prefetchxs\siry_atrevido_@hotmail.com
c:\windows\system32\Prefetchxs\sonho_ggs@hotmail.com
c:\windows\system32\Prefetchxs\susego_hiphop_@hotmail.com
c:\windows\system32\Prefetchxs\thiago_dogao2009@hotmail.com
c:\windows\system32\Prefetchxs\tiago_lucena_@hotmail.com
c:\windows\system32\Prefetchxs\tiodu@ig.com.br
c:\windows\system32\Prefetchxs\uid.txt
c:\windows\system32\Prefetchxs\whb_15@yahoo.com.br
c:\windows\system32\Prefetchxs\ydylmar@hotmail.com
c:\windows\system32\runouce.exe
c:\windows\system32\wuauclt32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService

(((((((((((((((( Files Created From 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))
.
2010-02-01 21:09 . 2010-02-01 21:09 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-01-28 12:40 . 2010-01-29 15:55 -------- d-----w- c:\arquivos de programas\MU WAR™
2010-01-13 23:11 . 2010-01-13 23:11 -------- d-----w- c:\arquivos de programas\Programas SRF
2010-01-10 17:55 . 2010-01-11 16:18 -------- d-----w- c:\arquivos de programas\MuBrPlay Team
2010-01-08 12:33 . 2010-01-08 12:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment
2010-01-06 14:30 . 2010-01-06 14:31 -------- d-----w- c:\arquivos de programas\CDisplay
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 17:15 . 2009-08-16 20:00 -------- d-----w- c:\arquivos de programas\Mu-Lande
2010-01-30 17:41 . 2009-10-30 23:23 -------- d-----w- c:\arquivos de programas\MuAwaY
2010-01-28 14:43 . 2009-06-05 18:40 -------- d-----w- c:\arquivos de programas\World of Warcraft
2010-01-06 14:53 . 2009-10-08 15:32 -------- d-----w- c:\arquivos de programas\Launche Brazuca Servers
2010-01-06 11:51 . 2009-02-12 17:27 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-06 11:51 . 2009-02-12 17:27 -------- d-----w- c:\arquivos de programas\NitroPC
2010-01-05 12:47 . 2009-06-03 22:19 -------- d-----w- c:\arquivos de programas\MuxpServer DarkAge
2009-12-31 12:55 . 2009-06-09 21:34 -------- d-----w- c:\arquivos de programas\MuDarkBreak
2009-12-31 12:47 . 2009-06-09 17:17 -------- d-----w- c:\arquivos de programas\MUDD3
2009-12-31 12:21 . 2009-10-17 15:09 -------- d-----w- c:\arquivos de programas\Mu Conection
2009-12-08 19:48 . 2009-12-08 19:48 -------- d-----w- c:\arquivos de programas\iHUGames
2009-11-25 15:27 . 2009-11-25 15:27 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\mercio_nossosonho@hotmail.com
2009-11-25 15:27 . 2009-11-25 15:27 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\mercio_nossosonho@hotmail.com
2009-11-12 16:00 . 2009-11-12 16:00 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\k_kapetinhu_@hotmail.com
2009-11-12 16:00 . 2009-11-12 16:00 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\k_kapetinhu_@hotmail.com
2009-11-11 19:39 . 2009-11-11 19:39 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ydylmar@hotmail.com
2009-11-11 19:39 . 2009-11-11 19:39 19 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ydylmar@hotmail.com
2009-11-07 19:10 . 2009-11-07 19:11 82432 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe
2009-11-07 19:10 . 2009-11-07 19:11 82432 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe
2009-09-24 14:44 . 2009-09-24 14:44 0 --sh--w- c:\windows\TRANFORME.DLL
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]
"nwiz"="nwiz.exe" [2007-10-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Alien\Menu Iniciar\Programas\Inicializar\
BnDkHelp.exe [2009-11-11 698286]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BnDkHelp.exe [2009-11-11 698286]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"shell"= c:\windows\Explorer.exe
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"shell"= c:\windows\Explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"NoExplorerBar"= 0 (0x0)
"NoFolders"= 0 (0x0)
"NoToolsMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 1 (0x1)
"NoFileUrl"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"SpecifyDefaultButtons"= 1 (0x1)
"NoToolsMenu"= 0 (0x0)
"NoFileUrl"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=
"c:\\Arquivos de programas\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Arquivos de programas\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2000:TCP"= 2000:TCP:TimerCafe
"5900:TCP"= 5900:TCP:TCafeVNC
"21:TCP"= 21:TCP:TCafeFTP
"2531:TCP"= 2531:TCP:horkjbhj
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/2/2009 15:18 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/2/2009 14:24 93336]
R1 ndisfad;ndisfad;c:\windows\system32\drivers\ndisfad.sys [9/7/2008 17:01 22784]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [12/2/2009 15:49 18004]
S2 tortrk;System Shell;c:\windows\system32\svchost.exe -k netsvcs [3/8/2004 22:45 14336]
S3 cpuz129;cpuz129;\??\c:\docume~1\Alien\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\Alien\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tortrk
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gratis.com.br
uSearchURL,(Default) = hxxp://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alien\Dados de aplicativos\Mozilla\Firefox\Profiles\aovj7pra.default\
FF - component: c:\documents and settings\Alien\Dados de aplicativos\Mozilla\Firefox\Profiles\aovj7pra.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-MyWebSearch Plugin - c:\arquiv~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
AddRemove-Mu Classic V. 1.7.7 - c:\documents and settings\Alien\Desktop\Nova pasta\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe GoBack2K.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BD71E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf725ccb8
\Driver\atapi -> atapi.sys @ 0xf71f1b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tortrk]
"ServiceDll"="c:\windows\system32\amzdrq.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Norton GoBack\GBPoll.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-02-01 20:17:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 22:17

Pre-Run: 10 folder(s) 13,945,290,752 bytes free
Post-Run: 12 folder(s) 13,921,722,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 2096D198F0EF377F64D14E15E37A5A8A

There's the report. I think I got rid of it.
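An added example, not from the thread, that pulls the three most telling findings out of a ComboFix report like the one above so they are not lost in the file listing: the svchost-hosted service "tortrk" in the netsvcs group whose ServiceDll (amzdrq.dll) is not a Windows component, the Windows Firewall switched off in the standard profile, and the Gmer MBR detector's "detected MBR rootkit hooks" verdict. The baseline list of XP SP3 netsvcs members is assumed from memory of a stock install and should be checked against a known-clean machine; the sample input is a constructed excerpt of the posted report plus one made-up wuauserv line so that a baseline member is seen to pass.

```python
import re

# Constructed excerpt of the ComboFix report posted above (values copied from it), plus one
# made-up "wuauserv" line so that a legitimate netsvcs member is seen to pass the check.
SAMPLE_COMBOFIX = r"""
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [6/2/2009 14:23 727720]
S2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [3/8/2004 22:45 14336]
S2 tortrk;System Shell;c:\windows\system32\svchost.exe -k netsvcs [3/8/2004 22:45 14336]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tortrk
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2531:TCP"= 2531:TCP:horkjbhj
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tortrk]
"ServiceDll"="c:\windows\system32\amzdrq.dll"
"""

# Assumed baseline of the XP SP3 "netsvcs" svchost group, written from memory of a stock
# install; verify it against a known-clean machine before relying on it.
XP_NETSVCS_BASELINE = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp", "dmserver", "ersvc",
    "eventsystem", "fastuserswitchingcompatibility", "helpsvc", "hidserv", "ias", "iprip",
    "irmon", "lanmanserver", "lanmanworkstation", "messenger", "netman", "nla", "ntmssvc",
    "nwcworkstation", "nwsapagent", "rasauto", "rasman", "remoteaccess", "schedule",
    "seclogon", "sens", "sharedaccess", "shellhwdetection", "srservice", "tapisrv", "themes",
    "trkwks", "uploadmgr", "w32time", "winmgmt", "wmdmpmsp", "wmi", "wuauserv", "wzcsvc",
    "xmlprov",
}

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")   # "S2 name;display;image [date size]"
SVCHOST_RE = re.compile(r"svchost\.exe -k (\w+)", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")                                # "[HKLM\...]" registry key header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"(]+?)"?\s*(?:\(0x[0-9a-f]+\))?$', re.IGNORECASE)


def triage_combofix(log_text: str) -> dict:
    r = {"svchost_services": {}, "service_dlls": {}, "netsvcs_extra": [],
         "firewall_enabled": None, "mbr_hooks": False, "flags": []}
    current_key, in_netsvcs = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, image = m.groups()
            g = SVCHOST_RE.search(image)
            if g:   # only svchost-hosted services matter for the ServiceDll check
                r["svchost_services"][name.lower()] = {"display": display, "group": g.group(1).lower(), "start": start}
            continue
        if "Svchost - NetSvcs" in line:   # names may follow on the same line or on the next ones
            r["netsvcs_extra"] = [n.lower() for n in line.split("NetSvcs", 1)[1].split()]
            in_netsvcs = True
            continue
        if in_netsvcs:
            if re.fullmatch(r"[\w-]+", line):   # a bare service name listed under the heading
                r["netsvcs_extra"].append(line.lower())
                continue
            in_netsvcs = False
        if line.startswith("detected MBR rootkit hooks"):
            r["mbr_hooks"] = True
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if v:
            vname, value = v.group(1).lower(), v.group(2).strip()
            if vname == "servicedll":   # the key name's last component is the service name
                r["service_dlls"][current_key.rsplit("\\", 1)[-1]] = value
            elif vname == "enablefirewall" and current_key.endswith("\\standardprofile"):
                r["firewall_enabled"] = value != "0"
    # Verdicts
    for svc, info in r["svchost_services"].items():
        if info["group"] == "netsvcs" and svc not in XP_NETSVCS_BASELINE:
            dll = r["service_dlls"].get(svc, "<ServiceDll not shown>")
            r["flags"].append(f"{svc}: '{info['display']}' is a non-baseline netsvcs member; ServiceDll={dll}")
    for svc in r["netsvcs_extra"]:
        if svc not in XP_NETSVCS_BASELINE and svc not in r["svchost_services"]:
            r["flags"].append(f"{svc}: appended to the NetSvcs group but no service line found")
    if r["firewall_enabled"] is False:
        r["flags"].append("Windows Firewall is disabled in the standard profile")
    if r["mbr_hooks"]:
        r["flags"].append("Gmer MBR detector reports rootkit hooks on the disk stack")
    return r


if __name__ == "__main__":
    for flag in triage_combofix(SAMPLE_COMBOFIX)["flags"]:
        print("!!", flag)
```

The point of keying on the netsvcs group is that a DLL loaded by a stock svchost.exe inherits the legitimate process name, so the process list looks clean; the only places the foreign code shows are the group membership and the ServiceDll value, which is exactly what the report prints. The MBR-hook finding is the one that decides the cleanup strategy: with a bootkit on the disk stack, removing the startup files and the service is not enough, so the sensible next step on this machine is the fresh log the helper asks for, followed by repairing the MBR.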
#6
GeeK
Joined: Jan 2008
Location: Warsaw
Posts: 2,069
Reputation: 462
Can you send me a new HijackThis log?
#7
Senior Member
Joined: Feb 2008
Posts: 301
Reputation: 9
When I sent you the HijackThis logfile, how could you tell my PC was infected?
#8
GeeK
Joined: Jan 2008
Location: Warsaw
Posts: 2,069
Reputation: 462
#9
Senior Member
Joined: Feb 2008
Posts: 301
Reputation: 9
Hey kosloski, thanks for the info, man.
#10
GeeK
Joined: Jan 2008
Location: Warsaw
Posts: 2,069
Reputation: 462
A new log, please.