Virus hides files and creates shortcuts

TOPIC: 103317 | FORUM ARCHIVE, RESOLVED CASES
msalex
I plugged my pen drive into a PC and it infected my pen drive and my notebook, hiding my files on the pen drive and on the PC and creating shortcuts; a "recycler" and a "desktop" also appear in several folders. Please help me.

LOG
Logfile of HijackThis v1.99.1
Scan saved at 10:04:01, on 10/09/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\DAP\DAP.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\helppane.exe
C:\Users\alex mendes\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.0.0.11:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "f:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "f:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "f:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "f:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKLM\..\RunServices: [APVXD] "f:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE"
O4 - HKLM\..\RunServices: [PandaScheduler] "f:\Program Files\Panda Software\Panda Antivirus 6.0\Pavsched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O8 - Extra context menu item: &Clean Traces - f:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS2\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS3\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Windows\SYSTEM32\pavsrv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealtekUSB - Realtek - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
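The shortcuts this kind of USB worm leaves behind are the quickest way to learn what it actually runs: each .lnk carries the real target and its command line, while the hidden folder it impersonates is untouched. The Python below is an added example, not code from this thread or from any tool named in it. It parses the ShellLinkHeader, LinkInfo and StringData sections of the Shell Link binary format (MS-SHLLINK) to recover the target path and arguments, then flags the launcher patterns such droppers typically use. `build_lnk`, the two sample shortcuts and the `LAUNCHERS` list are constructed assumptions for the example; the thread never identifies what the poster's shortcuts pointed at.

```python
import struct

# ShellLinkHeader constants from the MS-SHLLINK specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_IDLIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 1 << 0, 1 << 1, 1 << 2, 1 << 3
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 1 << 4, 1 << 5, 1 << 6, 1 << 7
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
               (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location"))

# Assumption, not from the thread: binaries a shortcut that pretends to be a folder should never point at.
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe", "powershell.exe"}


def _cstring(buf, off):
    """NUL-terminated ANSI string starting at buf[off]."""
    return buf[off:buf.index(b"\x00", off)].decode("latin-1")


def parse_lnk(data):
    """Recover the target path and StringData fields of a .lnk; IDList-only links yield target=None."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE \
            or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_IDLIST:                       # skip the PIDL, not needed here
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:
        size, _hdr, info_flags, _vol_off, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 1:                                   # VolumeIDAndLocalBasePath
            target = _cstring(data, pos + base_off)
        pos += size
    fields = {"target": target}
    for bit, name in STRING_DATA:                            # fixed order; each is count + chars, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += count * width
    return fields


def assess(info):
    """Reasons a shortcut deserves a closer look; an empty list means nothing unusual was seen."""
    reasons = []
    target = (info.get("target") or "").lower()
    args = (info.get("arguments") or "").lower()
    exe = target.rsplit("\\", 1)[-1]
    if exe in LAUNCHERS:
        reasons.append(f"target is a launcher: {exe}")
    if "/c" in args and "start" in args:
        reasons.append("arguments chain commands with 'start' (run payload, then open decoy)")
    if exe == "cmd.exe" and "explorer" in args:
        reasons.append("cmd.exe re-opens a folder through explorer, the folder-impersonation pattern")
    return reasons


def build_lnk(target, arguments):
    """Constructed test fixture: a minimal well-formed .lnk carrying LinkInfo and Unicode arguments."""
    base = target.encode("latin-1") + b"\x00"
    volume_id = struct.pack("<4I", 0x11, 3, 0, 0x10) + b"\x00"   # DRIVE_FIXED, empty label
    hdr = 0x1C
    local_off = hdr + len(volume_id)
    suffix_off = local_off + len(base)
    link_info = (struct.pack("<7I", suffix_off + 1, hdr, 1, hdr, local_off, 0, suffix_off)
                 + volume_id + base + b"\x00")
    string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    header = (struct.pack("<I", HEADER_SIZE) + LINK_CLSID
              + struct.pack("<I", HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE) + b"\x00" * (HEADER_SIZE - 24))
    return header + link_info + string_data


# Constructed samples, not taken from the poster's drive.
SAMPLES = {
    "Documentos.lnk": build_lnk(r"C:\Windows\System32\cmd.exe",
                                r"/c start RECYCLER\x.exe & start explorer Documentos & exit"),
    "Relatorio.lnk": build_lnk(r"F:\Relatorio.docx", ""),
}


def triage(samples):
    """Map shortcut name -> list of reasons, as a sweep over a drive's *.lnk files would."""
    return {name: assess(parse_lnk(data)) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(name, "->", reasons or "nothing unusual")
```

On a real drive, feed `parse_lnk` the bytes of each `*.lnk` found with `-Force`-style listing (the worm's own shortcuts are usually not hidden, the original folders are). Do this before running `attrib -h -s` over the drive: once you know the target, you know which executable to look for and which folder names the shortcuts were impersonating. A shortcut whose LinkInfo is absent (target `None`) is not cleared by this check; it resolves through the IDList, which the example deliberately skips.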

JoseMelo
Welcome to Linha Defensiva

My name is José Melo,

So that we can succeed at the end of the procedures, I suggest you follow strictly what is proposed and do not use any tool or program other than the ones recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have any doubt about any procedure indicated here, do not hesitate to ask in the topic or via Private Message;
If you have a topic in progress on another forum, I recommend you abandon it so that the procedures do not conflict;
If you prefer to receive an e-mail notice every time there is a reply in your topic, click on the (image) at the top of the page.
If you have more than one antivirus installed, keep only one to avoid conflicts and system slowdown. Do the same for antispyware with resident protection.

- Download Malwarebytes Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware", then click Finish;
  • Select "Perform full scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove Selected";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log in your next reply.
- Generate a new HijackThis log and paste it in your reply.
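Reading a HijackThis log by hand comes down to scanning for the handful of entry types that change where the machine's traffic goes or what it loads at boot. The Python below is an added example, not part of this thread or of HijackThis itself: it parses the `Rn - ...` / `On - ...` line format into (section, body) records and reports the entries a helper normally asks about first: a proxy set in R1, the O17 name servers (deduplicated, since the log repeats them once per control set), O4 autoruns whose executable lives under a user profile or temp directory, and O23 services reported with an unknown owner or a missing file. The sample lines are copied from the logs in this thread; the path heuristic in `USER_PATH_RE` is an assumption, and whether a flagged entry is actually bad is a judgment the script does not make. Note that HijackThis 1.99.1 predates Vista and prints Vista's svchost-hosted services in the `@%SystemRoot%\...dll,-N ... Unknown owner ... (file missing)` form, so those hits are expected on that platform.

```python
import re

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# Assumption: autorun executables under a profile or temp directory are worth a second look.
USER_PATH_RE = re.compile(r"\\users\\|\\documents and settings\\|\\appdata\\|\\temp\\|%temp%", re.I)
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


def parse_hjt(text):
    """Return (section, body) pairs for every R/O entry; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Entries a helper asks about first, deduplicated (O17 repeats once per control set)."""
    findings, seen = [], set()

    def add(kind, value):
        if (kind, value) not in seen:
            seen.add((kind, value))
            findings.append((kind, value))

    for sec, body in entries:
        if sec == "R1" and "ProxyServer" in body:
            add("proxy", body.split("=", 1)[1].strip())
        elif sec == "O1":                                   # hosts file entries
            hosts_line = body.split(":", 1)[1].strip()
            if hosts_line not in DEFAULT_HOSTS:
                add("hosts", hosts_line)
        elif sec == "O4":
            # "HKLM\..\Run: [Name] path" or "Startup: file.lnk = path"
            path = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
            if USER_PATH_RE.search(path):
                add("autorun", body)
        elif sec == "O17" and "NameServer" in body:
            add("dns", " ".join(body.split("=", 1)[1].split()))
        elif sec == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            add("service", body)
    return findings


# Lines copied from the logs in this thread (abridged).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Windows\explorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.0.0.11:3128
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: is-KJGCT.lnk = C:\Users\alex mendes\Desktop\Virus Removal Tool\is-KJGCT\startup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for kind, value in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {value}")
```

Each finding is a question to put to the user, not a verdict: a proxy at 147.0.0.11:3128 may be a corporate or ISP setting, a name server in RFC 1918 space may belong to the poster's network, and a `Startup` entry under the user's Desktop may be a tool they installed themselves, as is the case for the Kaspersky removal tool's `is-KJGCT` entry later in this thread.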
msalex
Dear colleague,
first of all, thank you for the help,
1- the program you recommended does not run on my PC nor on my notebook, which is the one with the problem.
2- I tried to post the Kaspersky Virus Removal log, but the log is over 44 MB and there is no way to send it. I would like you to give me other options.
msalex
Here is the Kaspersky Virus Removal Tool log.

Scan
----
Scanned: 331694
Detected: 0
Untreated: 0
Start time: 14/09/2009 09:31:57
Duration: 02:13:01
Finish time: 14/09/2009 11:44:58


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object                 Scanned   Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
All objects            259101    0         0          0        0                    4936      784           0                   4
System memory          4743      0         0          0        0                    0         3             0                   0
Startup objects        703       0         0          0        0                    0         45            0                   0
Disk boot sectors      6         0         0          0        0                    0         0             0                   0
Documents              37        0         0          0        0                    1         0             0                   0
Computer               170311    0         0          0        0                    3960      437           0                   3
Local Disk (C:)        77760     0         0          0        0                    944       297           0                   1
deposito (F:)          5541      0         0          0        0                    31        2             0                   0
Removable Disk (G:)    0         0         0          0        0                    0         0             0                   0
ALEX 2 (I:)            0         0         0          0        0                    0         0             0                   0


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
awaiting further instructions
msalex
ComboFix log
ComboFix 09-09-13.05 - alex mendes 14/09/2009 12:30.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.55.1046.18.893.303 [GMT -3:00]
Running from: c:\users\alex mendes\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\alex mendes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus.lnk
C:\winrar.exe

.
(((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 ))))))))))))))))))))))))))))
.

2009-09-14 15:52 . 2009-09-14 15:52 -------- d-----w- c:\users\alex mendes\AppData\Local\temp
2009-09-14 15:52 . 2009-09-14 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-14 15:05 . 2009-09-14 15:05 -------- d-----w- C:\PenClean
2009-09-13 22:17 . 2009-09-13 22:17 -------- d-----w- c:\users\alex mendes\AppData\Local\Apps
2009-09-10 15:28 . 2009-09-10 15:28 -------- d-----w- c:\programdata\is-KJGCT
2009-09-10 15:25 . 2009-09-14 15:41 7974944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-10 15:25 . 2008-07-08 17:54 148496 ----a-w- c:\windows\system32\drivers\17606896.sys
2009-09-10 15:22 . 2009-09-10 15:22 -------- d-----w- C:\Avira
2009-09-10 01:07 . 2009-09-10 01:07 -------- d-----w- c:\windows\system32\PAV
2009-09-10 01:07 . 2000-06-04 16:36 59840 ----a-w- c:\windows\system32\drivers\pavdrv.sys
2009-09-10 01:07 . 2000-07-06 15:09 196608 ----a-w- c:\windows\system32\Pavsrv.exe
2009-09-10 01:07 . 2000-07-06 15:03 69632 ----a-w- c:\windows\system32\Pavsrvdl.dll
2009-09-10 01:07 . 2000-06-22 14:33 77312 ----a-w- c:\windows\system32\Pavmsg.dll
2009-09-10 01:07 . 2000-03-10 13:46 38912 ----a-w- c:\windows\system32\Avengdll.dll
2009-09-10 01:07 . 2000-03-10 13:46 33280 ----a-w- c:\windows\system32\Avengine.exe
2009-09-10 01:07 . 1999-02-22 12:13 72192 ----a-w- c:\windows\system32\Pavperf.dll
2009-09-10 01:07 . 1999-01-20 22:50 148480 ----a-w- c:\windows\system32\Pavjob.dll
2009-09-10 01:07 . 1998-10-30 19:33 58368 ----a-w- c:\windows\system32\Startjob.exe
2009-09-10 01:07 . 2000-06-30 14:29 675840 ----a-w- c:\windows\system32\anasent.dll
2009-09-10 01:07 . 2000-06-30 14:28 675840 ----a-w- c:\windows\system32\analizar.dll
2009-09-10 01:00 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 15:21 . 2006-11-06 01:23 82978 ----a-w- c:\windows\system32\prfc0416.dat
2009-09-12 15:21 . 2006-11-06 01:23 505598 ----a-w- c:\windows\system32\prfh0416.dat
2009-09-11 20:47 . 2009-09-10 15:25 60752 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-26 23:05 . 2009-06-16 18:44 -------- d-----w- c:\users\alex mendes\AppData\Roaming\VistaStumbler
2009-08-13 00:22 . 2009-08-13 00:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\programdata\SpeedBit
2009-08-13 00:16 . 2009-08-13 00:16 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-08-11 18:13 . 2009-08-11 18:13 -------- d-----w- c:\program files\EASEUS
2009-08-11 17:41 . 2009-03-31 00:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 13:22 . 2009-08-11 17:49 8844267 ----a-w- C:\epm.zip
2009-08-01 23:18 . 2009-07-30 21:35 -------- d-----w- c:\program files\Avanquest update
2009-08-01 23:17 . 2009-08-01 23:17 -------- d-----w- c:\program files\Motorola Phone Tools
2009-07-30 21:43 . 2009-07-30 21:30 -------- d-----w- c:\programdata\BVRP Software
2009-07-30 21:43 . 2009-07-30 21:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-07-30 21:40 . 2009-07-30 21:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 21:30 . 2009-07-30 21:30 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-07-29 17:29 . 2009-04-01 15:22 -------- d-----w- c:\users\alex mendes\AppData\Roaming\U3
2009-07-27 23:09 . 2009-07-27 23:09 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-27 23:09 . 2009-07-27 23:09 -------- d-----w- c:\users\alex mendes\AppData\Roaming\Softouch
2009-07-27 23:09 . 2009-07-27 23:09 -------- d-----w- c:\programdata\Softouch
2009-07-23 20:21 . 2009-06-18 22:33 -------- d-----w- c:\users\alex mendes\AppData\Roaming\CyberLink
2009-07-23 20:20 . 2009-06-18 22:33 -------- d-----w- c:\programdata\CyberLink
2009-07-23 19:23 . 2009-07-23 19:22 -------- d-----w- c:\users\alex mendes\AppData\Roaming\Ahead
.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"DownloadAccelerator"="f:\program files\DAP\DAP.EXE" [2009-08-13 2811392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1932568]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"RemoteControl"="f:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="f:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"APVXDWIN"="f:\program files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" [2000-03-16 98304]
"ScanInicio"="f:\program files\Panda Software\Panda Antivirus 6.0\Inicio.exe" [2000-01-05 17408]

c:\users\alex mendes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-KJGCT.lnk - c:\users\alex mendes\Desktop\Virus Removal Tool\is-KJGCT\startup.exe [2009-9-10 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6A97246E-6CE2-485C-8E0A-B548D8F65C3C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{7EC47980-A311-4CF7-AE9D-83CCF017A0BA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F5D21CF9-32DC-4CBF-B97D-3210B725514A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{C8F9AE82-221A-4601-B326-C3FE1CAFAA90}"= f:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{D61D6298-281A-4178-BD89-B7B805790E9D}"= TCP:6004|f:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{311DD1BF-0B63-49E5-804E-0392B42F5C3F}"= UDP:f:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{963C8996-7D26-4D09-AFD7-223A62CEE0C4}"= TCP:f:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9021F073-1847-415B-87D3-E5573BBE952D}"= UDP:f:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{82B74142-32DA-4032-A43E-8B3C84E60142}"= TCP:f:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [13/04/2009 20:35 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [13/04/2009 20:35 107912]
R1 is-KJGCTdrv;is-KJGCTdrv;c:\windows\System32\drivers\17606896.sys [10/09/2009 12:25 148496]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [30/03/2009 21:19 25896]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/04/2009 20:34 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/04/2009 20:34 298264]
R2 RealtekUSB;RealtekUSB;c:\program files\REALTEK\USB Wireless LAN Utility\RtlService.exe [01/04/2009 19:01 36864]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [26/03/2009 22:05 452096]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [26/03/2009 22:01 46592]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [11/08/2009 10:20 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [11/08/2009 10:20 3072]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [31/03/2009 19:58 283136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 147.0.0.11:3128
IE: &Clean Traces - f:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - f:\program files\DAP\dapextie.htm
IE: Download &all with DAP - f:\program files\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {375A133E-96B3-434D-A4EF-EA8B7672DC2C} = 189.40.224.5 10.223.246.102
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 12:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-14 12:58
ComboFix-quarantined-files.txt 2009-09-14 15:57

Pre-Run: 43.235.545.088 bytes free
Post-Run: 43.105.431.552 bytes free

166

awaiting further instructions
JoseMelo
Install SP2 and post a new HijackThis log:

http://www.microsoft.com/downloads/details...a3-99ff6f22448d
msalex
Dear José Melo,
you told me "Install SP2 and post a new HijackThis log:",
but the file is very heavy, 475 MB, and my internet is slow.
Is there another way to solve my problem?
JoseMelo
An outdated system is synonymous with problems, so do the update so that whatever system and security flaws exist get fixed.

Download the file on another machine, burn it to media and install it on your system.
msalex
Dear José Melo,
I am downloading SP2, it is already at 50%;
I will be sending the log soon.
msalex
Dear José Melo,
I have already downloaded SP2!
However, the program said I do not have SP1.
I have been downloading for almost a week (a detail: my city, Manaus, has the second slowest internet in the country),
I am already at 30%; I will send the log soon.
Thanks in advance.
msalex
Dear José Melo,
Here is the new HijackThis log after I installed SP1 and SP2.
Note: the folders are still hidden.

Logfile of HijackThis v1.99.1
Scan saved at 14:54:26, on 05/10/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\Panda Software\Panda Antivirus 6.0\Apvxdwin.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\DAP\DAP.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\alex mendes\Desktop\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.0.0.11:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "f:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "f:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "f:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "f:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: is-KJGCT.lnk = C:\Users\alex mendes\Desktop\Virus Removal Tool\is-KJGCT\startup.exe
O8 - Extra context menu item: &Clean Traces - f:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Windows\SYSTEM32\pavsrv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealtekUSB - Realtek - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

JoseMelo
Download the Kaspersky Virus Removal Tool. Save it to your desktop.
  • Install the program normally, following all of its steps.
  • On the program's main screen click the "My Computer" option and then click the "Scan" button.
  • Be patient, the scan may take a while.
  • If it finds any infection, click "skip".
  • After everything completes, click the Events tab, uncheck the "Show all events" checkbox and then click "Save to file".
  • Give the file a name and save it in a folder of your choice.
  • Post the contents of that file in your next reply.
msalex
Logfile of HijackThis v1.99.1
Scan saved at 22:39:57, on 13/10/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\alex mendes\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 147.0.0.11:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "f:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "f:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "f:\Program Files\Panda Software\Panda Antivirus 6.0\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ScanInicio] "f:\Program Files\Panda Software\Panda Antivirus 6.0\Inicio.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: is-KJGCT.lnk = C:\Users\alex mendes\Desktop\Virus Removal Tool\is-KJGCT\startup.exe
O8 - Extra context menu item: &Clean Traces - f:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS2\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS3\Services\Tcpip\..\{375A133E-96B3-434D-A4EF-EA8B7672DC2C}: NameServer = 189.40.224.5 10.223.246.102
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Windows\SYSTEM32\pavsrv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealtekUSB - Realtek - C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

msalex
Scan
----
Scanned: 191232
Detected: 0
Untreated: 0
Start time: 13/10/2009 16:23:36
Duration: 01:41:50
Finish time: 13/10/2009 18:05:26


Detected
--------
Status Object
------ ------


JoseMelo
- OK, the log is clean.

- In Run, type combofix /u and click OK. In the next window click "Run" and wait for the tool to be removed;

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:
  • Click Save and, when the download has finished, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Recommended reading:
http://www.linhadefensiva.org/forum/index....showtopic=75646

- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections;

- If you have no further problems, click the button and say that your case has been resolved.
msalex
Dear Jose Melo,
my problem has still not been solved,
my folders remain hidden and only appear if I go into Folder Options and uncheck the option to hide operating system files,
thanks in advance for your attention,
awaiting your reply
JoseMelo
The problem is not related to malware.
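The symptom msalex describes (folders that only reappear when "Hide protected operating system files" is unchecked) is what happens when a folder carries the Hidden and System attributes at the same time; the shortcuts the worm created are ordinary .lnk files. The script below is an added example for readers of this archived thread, not a tool from Linha Defensiva or from any post here. It audits a drive for items with both attributes set and lists every shortcut with its real target, and it only clears attributes when run with -Fix (and honours -WhatIf). The drive letter E:\ is an assumed placeholder; replace it with the drive that holds the hidden folders.

```powershell
# Added example (not from the original thread): report Hidden+System items and
# .lnk targets on a drive; clear the attributes on user folders only with -Fix.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root = 'E:\',   # assumed placeholder: the pen drive or data volume
    [switch]$Fix             # clear Hidden+System on items that should not carry them
)

$hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$rootFull = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')

# Names that legitimately carry Hidden+System, but only at the root of a volume.
$expectedAtRoot = @('System Volume Information', '$RECYCLE.BIN', 'desktop.ini')

# 1. Everything Explorer hides under "protected operating system files":
#    items with BOTH bits set.
$hiddenSystem = Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hs) -eq $hs }

# Split into what is normal at the root and what deserves a look
# (user folders, or "Recycler"-style folders dropped inside subdirectories).
$suspect = $hiddenSystem | Where-Object {
    $parent = (Split-Path -Path $_.FullName -Parent).TrimEnd('\')
    -not ($expectedAtRoot -contains $_.Name -and $parent -eq $rootFull)
}

Write-Host "Hidden+System items under $Root that are not expected volume metadata:"
$suspect | Select-Object FullName, Attributes | Format-Table -AutoSize

# 2. Every shortcut and what it actually launches. Shortcuts whose target is a
#    script host or cmd.exe, or that point into a Hidden+System path, are flagged
#    for review; a plain report, no deletion.
$shell = New-Object -ComObject WScript.Shell
$hiddenPaths = $hiddenSystem | ForEach-Object { $_.FullName }
$links = Get-ChildItem -LiteralPath $Root -Force -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath
        $review = ($target -match '(?i)\\(cmd|wscript|cscript|rundll32|mshta)\.exe$') -or
                  ($hiddenPaths | Where-Object { $target -like "$_*" }) -ne $null
        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $target
            Arguments = $lnk.Arguments
            Review    = [bool]$review
        }
    }

Write-Host "Shortcuts found under $Root (Review = True means look at the target):"
$links | Sort-Object Review -Descending | Format-Table -AutoSize

# 3. Optional remediation: strip Hidden+System from the suspect items so the
#    user's folders show up again. Files the worm left behind are not touched
#    here; they are simply made visible for the antivirus and the user.
if ($Fix) {
    foreach ($item in $suspect) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden+System attributes')) {
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot [int]$hs))
        }
    }
}
```

Run it first without -Fix to see the report; `.\audit-hidden.ps1 -Root 'E:\' -Fix -WhatIf` then shows which attributes would be cleared without changing anything. The script deliberately does not delete the dropped "Recycler" or "desktop" folders or the shortcuts: once they are visible, the antivirus scan already run in this thread (or a manual review of the listed targets) decides what goes.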
LUA
Problem Solved!

If the author needs the topic to be reopened, contact one of the members of the moderation team.