
guiguifrozem
Members
Total items: 6
Everything guiguifrozem posted
-
My Windows only runs Notepad, no other extension
guiguifrozem replied to guiguifrozem's question in Malware Removal
It didn't open (I managed to open some programs, but there are some I can't, like Steam). I found this on the internet. Cerberus is the name of the virus; if it helps with anything, here it is: Cerberus FTP Server (http://www.cerberusftp.com/) - simple and functional
-
My Windows only runs Notepad, no other extension
guiguifrozem replied to guiguifrozem's question in Malware Removal
-
My Windows only runs Notepad, no other extension
guiguifrozem replied to guiguifrozem's question in Malware Removal
combo fix txt
-
My Windows only runs Notepad, no other extension
guiguifrozem replied to guiguifrozem's question in Malware Removal
DDR.txt
-
My Windows only runs Notepad, no other extension
guiguifrozem replied to guiguifrozem's question in Malware Removal
It didn't open