Alejjj

Virtumonde virus!!!!! I can't remove it - What do I do???


I can't remove this virus from my computer.... I have Spybot and NOD32!!

Can anyone help me????

Note: Here is what Spybot says about this virus:

"Empresa:

Produto: Virtumonde

Tipo: Trojan

Descrição

Virtumonde copies itself to the system folder and creates a BHO. Virtumonde connects to malicious websites in background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. If you need help with removal please contact Team Spybot S&D via forums or email."


Alejjj, welcome to the Clube do Hardware forum.

@- Download ComboFix;

- Copy the instructions to Notepad or print them!

:: Disable/close your antivirus before carrying out the procedures below ::

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Do not open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

- Log stored at: C:\ComboFix.txt

@- Download HijackThis, placing it in a folder at C:\HIJACK\HijackThis.exe

- To run it, close all open windows and click Do a system scan and save a logfile.

- Wait until Notepad opens with the logfile.

@- Copy the HijackThis (updated) and ComboFix.txt logs and paste them in sequence.

Mr. Coruj@

  • Topic author
  • Thank you very much for your attention, Mr. Coruja......

    I don't know if I did what you asked correctly!! (because when my computer restarted, Windows activated NOD32 and Spybot, and Spybot started to "deny" some modified registry entries....)

    The logs follow below:

    ComboFix 07-08-04.3 - "Alessandro" 2007-08-06 19:39:31.1 [GMT -3:00] - NTFS

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp38A.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3AC.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3AD.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3AE.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3B1.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3C5.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3DC.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3DD.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3DE.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp3FE.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp4D0.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmp4D1.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpBB6.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpBB7.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpC69.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpC85.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpC86.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpC87.tmp.exe

    C:\DOCUME~1\ALESSA~1\DADOSD~1\tmpCA3.tmp.exe

    C:\WINDOWS\system32\dnac3e7b63.dat

    C:\WINDOWS\system32\mqs3d9.dll

    C:\WINDOWS\system32\ssqpn.exe

    C:\WINDOWS\system32\ssqrp.exe

    C:\WINDOWS\xhelper.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\nm

    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

    2007-08-06 19:38 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-06 05:21 25,152 --a------ C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-05 21:38 92,634 --a------ C:\WINDOWS\system32\drwtub.dll.vir

    2007-08-05 21:09 <DIR> d-------- C:\VundoFix Backups

    2007-08-05 18:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

    2007-08-05 06:38 92,730 --a------ C:\WINDOWS\system32\ati3vaa.dll.vir

    2007-08-05 06:37 13,380 --a------ C:\WINDOWS\system32\jkkllif.dll

    2007-08-05 06:11 25,664 --a------ C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-04 09:02 <DIR> d-------- C:\DOCUME~1\ALESSA~1\Contacts

    2007-08-04 09:01 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

    2007-07-31 20:16 <DIR> d-------- C:\WINDOWS\CSC

    2007-07-30 18:39 84,992 --a------ C:\WINDOWS\WebAssist.dll

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-06 19:43 --------- d-------- C:\Arquivos de programas\RSSoft

    2007-08-06 11:32 --------- d-------- C:\Arquivos de programas\MZ Manager 2

    2007-07-31 11:30 --------- d-------- C:\Arquivos de programas\eMule

    2007-07-30 18:50 --------- d-------- C:\Arquivos de programas\SBCon

    2007-06-30 16:35 --------- d-------- C:\DOCUME~1\ALESSA~1\DADOSD~1\Image Zone Express

    2007-06-27 04:58 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

    2007-06-27 04:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

    2007-06-27 04:58 --------- d-------- C:\Arquivos de programas\Motorola Phone Tools

    2007-06-27 04:57 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Motorola Shared

    2007-06-26 11:56 445 --a------ C:\WINDOWS\EntPack.dat

    2007-06-10 13:10 2560 --a------ C:\WINDOWS\system32\bitcometres.dll

    2007-06-08 07:05 --------- d-------- C:\Arquivos de programas\Palmeiras Script

    2007-05-11 12:12 1901 --a------ C:\WINDOWS\panose.bin

    2007-05-11 12:00 8 --a------ C:\WINDOWS\system32\nvModes.dat

    2003-04-22 20:02 135168 --a------ C:\Arquivos de programas\AVIPreview.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

    "NWEReboot"="" []

    "nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-03-30 00:13]

    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 C:\WINDOWS\RTHDCPL.EXE]

    "Alcmtr"="ALCMTR.EXE" [2005-05-03 15:43 C:\WINDOWS\ALCMTR.EXE]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 15:05]

    "Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-04-20 23:11]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

    "SpybotDeletingD2685"=cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    "SpybotDeletingA6303"=command /c del "C:\WINDOWS\system32\ati3vaa.dll"

    "SpybotDeletingC4758"=cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    "SpybotDeletingA83"=command /c del "C:\WINDOWS\system32\ati3vaa.dll"

    "SpybotDeletingC2817"=cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

    Image Transfer.lnk - C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe [2007-03-29 23:57:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "appinit_dlls"=c:\windows\system32\jkkllif.dll

    R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys

    R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys

    R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys

    R1 CloneCD;CloneCD I/O Driver;C:\WINDOWS\system32\drivers\CloneCD.sys

    R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys

    R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys

    S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys

    S3 BridgeMP;Miniporta de ponte MAC;C:\WINDOWS\system32\DRIVERS\bridge.sys

    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

    S3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys

    S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys

    S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys

    S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys

    S3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys

    S3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys

    S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys

    S3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

    S3 usbser;Motorola A1000 USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

    S3 usbsermpt;Motorola USB Modem Driver for MPT;C:\WINDOWS\system32\DRIVERS\usbsermpt.sys

    S3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d173e8-decc-11db-887e-0015f265d317}]

    AutoRun\command- F:\autorun6e.exe

    Contents of the 'Scheduled Tasks' folder

    2007-07-27 03:00:00 C:\WINDOWS\Tasks\At1.job

    2007-08-05 12:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At100.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At102.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 09:01:00 C:\WINDOWS\Tasks\At103.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 10:01:00 C:\WINDOWS\Tasks\At104.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 11:01:00 C:\WINDOWS\Tasks\At105.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 12:01:00 C:\WINDOWS\Tasks\At106.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At107.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At108.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 15:02:03 C:\WINDOWS\Tasks\At109.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-07-31 13:00:00 C:\WINDOWS\Tasks\At11.job

    2007-08-06 16:01:00 C:\WINDOWS\Tasks\At110.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 17:01:00 C:\WINDOWS\Tasks\At111.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At112.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At113.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 20:02:01 C:\WINDOWS\Tasks\At114.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At115.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 22:01:43 C:\WINDOWS\Tasks\At116.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 23:01:00 C:\WINDOWS\Tasks\At117.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 00:01:43 C:\WINDOWS\Tasks\At118.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 01:01:37 C:\WINDOWS\Tasks\At119.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-04 14:00:00 C:\WINDOWS\Tasks\At12.job

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At120.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At121.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At122.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At123.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At124.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At125.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At126.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 09:01:00 C:\WINDOWS\Tasks\At127.job

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At128.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At129.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 15:00:00 C:\WINDOWS\Tasks\At13.job

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At130.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At131.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At132.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 15:01:00 C:\WINDOWS\Tasks\At133.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 16:01:00 C:\WINDOWS\Tasks\At134.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 17:01:00 C:\WINDOWS\Tasks\At135.job

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At136.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At137.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At138.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At139.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 16:00:00 C:\WINDOWS\Tasks\At14.job

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At140.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At141.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At142.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At143.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 08:21:02 C:\WINDOWS\Tasks\At144.job - C:\WINDOWS\system32\vFQ0M110.exe

    2007-08-06 17:00:00 C:\WINDOWS\Tasks\At15.job

    2007-08-04 18:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-08-02 19:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-08-05 20:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-08-03 21:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-07-27 04:00:00 C:\WINDOWS\Tasks\At2.job

    2007-08-05 22:00:00 C:\WINDOWS\Tasks\At20.job

    2007-08-05 23:00:00 C:\WINDOWS\Tasks\At21.job

    2007-08-06 00:00:00 C:\WINDOWS\Tasks\At22.job

    2007-08-06 01:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-07-28 02:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\3qe2JUUp.exe

    2007-07-27 03:00:30 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 04:00:30 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 05:00:30 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 06:00:30 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 07:00:30 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 05:00:00 C:\WINDOWS\Tasks\At3.job

    2007-08-04 08:00:00 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 09:00:00 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 10:00:00 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 12:00:00 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-31 13:00:00 C:\WINDOWS\Tasks\At35.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-04 14:00:00 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 15:00:00 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 16:00:00 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 17:00:00 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-27 06:00:00 C:\WINDOWS\Tasks\At4.job

    2007-08-04 18:00:00 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-02 19:00:00 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 20:00:00 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-03 21:00:00 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 22:00:00 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-05 23:00:00 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 00:00:00 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-08-06 01:00:00 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-28 02:00:30 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\l5f3e5u5.exe

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-27 07:00:00 C:\WINDOWS\Tasks\At5.job

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-04 08:00:00 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 09:00:00 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 10:00:00 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 12:00:00 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-31 13:00:00 C:\WINDOWS\Tasks\At59.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-04 08:00:00 C:\WINDOWS\Tasks\At6.job

    2007-08-04 14:00:00 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 15:00:00 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 16:00:00 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 17:00:00 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-04 18:00:00 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-02 19:00:00 C:\WINDOWS\Tasks\At65.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 20:00:00 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-03 21:00:00 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 22:00:00 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-05 23:00:00 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 09:00:00 C:\WINDOWS\Tasks\At7.job

    2007-08-06 00:00:00 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-08-06 01:00:00 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\K535TD2Y.exe

    2007-07-28 19:55:35 C:\WINDOWS\Tasks\At72.job

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At73.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At74.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At75.job

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At76.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At77.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-04 08:00:00 C:\WINDOWS\Tasks\At78.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 09:00:00 C:\WINDOWS\Tasks\At79.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 10:00:00 C:\WINDOWS\Tasks\At8.job

    2007-08-05 10:00:00 C:\WINDOWS\Tasks\At80.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At81.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 12:00:00 C:\WINDOWS\Tasks\At82.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-07-31 13:00:00 C:\WINDOWS\Tasks\At83.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-04 14:00:00 C:\WINDOWS\Tasks\At84.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 15:00:00 C:\WINDOWS\Tasks\At85.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 16:00:00 C:\WINDOWS\Tasks\At86.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 17:00:00 C:\WINDOWS\Tasks\At87.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-04 18:00:00 C:\WINDOWS\Tasks\At88.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-02 19:00:00 C:\WINDOWS\Tasks\At89.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 11:00:00 C:\WINDOWS\Tasks\At9.job

    2007-08-05 20:00:00 C:\WINDOWS\Tasks\At90.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-03 21:00:00 C:\WINDOWS\Tasks\At91.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 22:00:00 C:\WINDOWS\Tasks\At92.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 23:00:00 C:\WINDOWS\Tasks\At93.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 00:00:00 C:\WINDOWS\Tasks\At94.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-06 01:00:00 C:\WINDOWS\Tasks\At95.job

    2007-07-29 08:28:56 C:\WINDOWS\Tasks\At96.job - C:\WINDOWS\system32\CK6WLmQ2.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At97.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At98.job - C:\WINDOWS\system32\TfW38AJF.exe

    2007-08-05 09:11:53 C:\WINDOWS\Tasks\At99.job - C:\WINDOWS\system32\TfW38AJF.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-06 19:42:59

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\jkkjj.exe

    scan completed successfully

    hidden files: 1

    **************************************************************************

    Completion time: 2007-08-06 19:43:49 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-06 19:43

    --- E O F ---

    **********************************************

    **********************************************

    Logfile of HijackThis v1.99.1

    Scan saved at 19:47:50, on 6/8/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\Arquivos de programas\RSSoft\RedSwoosh.exe

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HIJACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {5f041c26-3c82-473f-a970-ab2a532bc890} - C:\WINDOWS\system32\icmw01.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\RunOnce: [spybotDeletingA6303] command /c del "C:\WINDOWS\system32\ati3vaa.dll"

    O4 - HKLM\..\RunOnce: [spybotDeletingC4758] cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    O4 - HKLM\..\RunOnce: [spybotDeletingA83] command /c del "C:\WINDOWS\system32\ati3vaa.dll"

    O4 - HKLM\..\RunOnce: [spybotDeletingC2817] cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\RunOnce: [spybotDeletingD2685] cmd /c del "C:\WINDOWS\system32\ati3vaa.dll"

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Image Transfer.lnk = ?

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\Alessandro\Desktop\bitcomet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\Alessandro\Desktop\bitcomet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\Alessandro\Desktop\bitcomet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\icmw01.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\icmw01.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: c:\windows\system32\jkkllif.dll

    O20 - Winlogon Notify: icmw01 - C:\WINDOWS\SYSTEM32\icmw01.dll

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    I'll be waiting .......

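Spybot's description quoted in the first post names two load points, a BHO and a Winlogon Notify DLL, and a HijackThis log reports these as O2 and O20 lines. The sketch below is an added example, not part of the thread: it parses those lines and ranks the DLLs that appear in them. The sample log, its file names and the ranking rules are constructed assumptions of this example, not HijackThis or Spybot behaviour.

```python
import re
from collections import defaultdict
from ntpath import basename  # handles Windows paths on any OS
from typing import NamedTuple

# Constructed sample in HijackThis v1.99.1 line format (not the poster's log).
SAMPLE_LOG = r"""
O2 - BHO: Example Toolbar - {11111111-1111-1111-1111-111111111111} - C:\ARQUIV~1\EXAMPLE\TOOLBAR.DLL
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\abcde01.dll
O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Arquivos de programas\Example\tray.exe
O20 - AppInit_DLLs: c:\windows\system32\fghij.dll
O20 - Winlogon Notify: abcde01 - C:\WINDOWS\SYSTEM32\abcde01.dll
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<file>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<files>.+)$")


class LoadPoint(NamedTuple):
    kind: str   # "BHO", "Winlogon Notify" or "AppInit_DLLs"
    label: str  # BHO name, Notify key name, or "" for AppInit_DLLs
    path: str   # file path as printed in the log, or "(no file)"


def parse_load_points(log_text):
    """Extract O2 BHO and O20 entries; every other line type is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(LoadPoint("BHO", m["name"], m["file"]))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(LoadPoint("Winlogon Notify", m["key"], m["file"]))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The AppInit_DLLs value is a space- or comma-delimited list.
            for dll in re.split(r"[,\s]+", m["files"].strip()):
                if dll:
                    entries.append(LoadPoint("AppInit_DLLs", "", dll))
    return entries


def triage(entries):
    """Return [(dll_name, reasons)], most reasons first.

    Paths are compared case-insensitively. An 8.3 short path and its long
    form are NOT unified, so such pairs have to be matched by hand.
    """
    kinds = defaultdict(set)
    reasons = defaultdict(set)
    for e in entries:
        if e.path == "(no file)":
            continue  # orphaned registration: no file on disk to correlate
        key = e.path.lower()
        kinds[key].add(e.kind)
        if e.kind == "BHO" and e.label == "(no name)":
            reasons[key].add("unnamed BHO")
        if e.kind != "BHO":
            reasons[key].add(f"loaded through {e.kind}")
    for key, seen in kinds.items():
        # The combination Spybot's text describes: one DLL in both places.
        if {"BHO", "Winlogon Notify"} <= seen:
            reasons[key].add("same DLL is both BHO and Winlogon Notify")
    ranked = sorted(reasons.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(basename(path), sorted(why)) for path, why in ranked]


if __name__ == "__main__":
    for name, why in triage(parse_load_points(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(why)}")
```

A DLL on the resulting list is a candidate for review by the analyst, not a verdict; legitimate software also registers BHOs and Winlogon Notify packages.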
  • Topic author
  • Please.... help me..... it is practically impossible to get into the computer.....

    Thanks


    Hi friend, sorry for the delay. Could you update the logs as described in my post #2? Just run the programs again and generate the logs, OK?

    Best regards,
